Cuckoo creates report.json but VM cannot contact back to the host

[k3nd0r]

My Cuckoo version and operating system are:

2.0.5 Host: Ubuntu Server 16.04 Guest: Windows 10

Output from "cuckoo" command when html address analysis begins:

2018-05-21 15:38:24,563 [cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager 2018-05-21 15:38:25,797 [cuckoo.core.scheduler] INFO: Loaded 1 machine/s 2018-05-21 15:38:25,812 [cuckoo.core.scheduler] INFO: Waiting for analysis tasks. 2018-05-21 15:38:31,057 [cuckoo.core.scheduler] INFO: Starting analysis of URL "http://www.google.com" (task #8, options "procmemdump=yes,route=none") 2018-05-21 15:38:31,177 [cuckoo.core.scheduler] INFO: Task #8: acquired machine Windows10 (label=Windows10) 2018-05-21 15:38:31,185 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 14094 (interface=vboxnet0, host=192.168.56.101) 2018-05-21 15:39:50,060 [cuckoo.core.scheduler] ERROR: Error starting Virtual Machine! VM: Windows10, error: Timeout hit while for machine Windows10 to change status 2018-05-21 15:39:50,169 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label Windows10 to path /home/d878314/.cuckoo/storage/analyses/8/memory.dmp 2018-05-21 15:39:50,626 [cuckoo.core.scheduler] WARNING: Unable to stop machine Windows10: Trying to stop an already stopped VM: Windows10 2018-05-21 15:39:50,697 [cuckoo.core.rooter] CRITICAL: Unable to passthrough root command (drop_disable) as the rooter unix socket doesn't exist. 2018-05-21 15:39:50,890 [cuckoo.processing.behavior] WARNING: Analysis results folder does not exist at path '/home/d878314/.cuckoo/storage/analyses/8/logs'. 2018-05-21 15:39:50,891 [cuckoo.processing.memory] ERROR: VM memory dump not found: to create VM memory dumps you have to enable memory_dump in cuckoo.conf! 2018-05-21 15:39:50,894 [cuckoo.processing.debug] ERROR: Error processing task #8: it appears that the Virtual Machine hasn't been able to contact back to the Cuckoo Host. There could be a few reasons for this, please refer to our documentation on the matter: https://cuckoo.sh/docs/faq/index.html#troubleshooting-vm-network-configuration 2018-05-21 15:39:51,304 [cuckoo.core.plugins] ERROR: Failed to run 'on_complete' of the rtf_unknown_character_set signature Traceback (most recent call last): File "/usr/local/lib/python2.7/dist-packages/cuckoo/core/plugins.py", line 413, in call_signature if not signature.matched and handler(*args, kwargs): File "/home/d878314/.cuckoo/signatures/windows/office_rtf.py", line 55, in on_complete filetype = self.get_results("target", {})["file"]["type"] KeyError: 'file' 2018-05-21 15:39:51,481 [cuckoo.core.plugins] ERROR: Failed to run 'on_complete' of the rtf_unknown_version signature Traceback (most recent call last): File "/usr/local/lib/python2.7/dist-packages/cuckoo/core/plugins.py", line 413, in call_signature if not signature.matched and handler(*args, *kwargs): File "/home/d878314/.cuckoo/signatures/windows/office_rtf.py", line 27, in on_complete filetype = self.get_results("target", {})["file"]["type"] KeyError: 'file' 2018-05-21 15:39:51,589 [cuckoo.core.plugins] ERROR: Failed to run 'on_complete' of the url_file signature Traceback (most recent call last): File "/usr/local/lib/python2.7/dist-packages/cuckoo/core/plugins.py", line 413, in call_signature if not signature.matched and handler(args, kwargs): File "/home/d878314/.cuckoo/signatures/windows/url_file.py", line 21, in on_complete if "Internet shortcut" not in self.file.get("type", ""): AttributeError: 'URLFile' object has no attribute 'file' 2018-05-21 15:39:51,723 [cuckoo.core.scheduler] INFO: Task #8: reports generation completed 2018-05-21 15:39:51,733 [cuckoo.core.scheduler] INFO: Task #8: analysis procedure completed

Constant error in report.json:

it appears that the Virtual Machine hasn't been able to contact back to the Cuckoo Host. There could be a few reasons for this, please refer to our documentation on the matter: https://cuckoo.sh/docs/faq/index.html#troubleshooting-vm-network-configuration

cuckoo.conf: [cuckoo]

Enable or disable startup version check. When enabled, Cuckoo will connect

to a remote location to verify whether the running version is the latest

one available.

version_check = yes

If turned on, Cuckoo will delete the original file after its analysis

has been completed.

delete_original = no

If turned on, Cuckoo will delete the copy of the original file in the

local binaries repository after the analysis has finished. (On *nix this

will also invalidate the file called "binary" in each analysis directory,

as this is a symlink.)

delete_bin_copy = no

Specify the name of the machinery module to use, this module will

define the interaction between Cuckoo and your virtualization software

of choice.

machinery = virtualbox

Enable creation of memory dump of the analysis machine before shutting

down. Even if turned off, this functionality can also be enabled at

submission. Currently available for: VirtualBox and libvirt modules (KVM).

memory_dump = yes

When the timeout of an analysis is hit, the VM is just killed by default.

For some long-running setups it might be interesting to terminate the

monitored processes before killing the VM so that connections are closed.

terminate_processes = no

Enable automatically re-schedule of "broken" tasks each startup.

Each task found in status "processing" is re-queued for analysis.

reschedule = no

Enable processing of results within the main cuckoo process.

This is the default behavior but can be switched off for setups that

require high stability and process the results in a separate task.

process_results = yes

Limit the amount of analysis jobs a Cuckoo process goes through.

This can be used together with a watchdog to mitigate risk of memory leaks.

max_analysis_count = 0

Limit the number of concurrently executing analysis machines.

This may be useful on systems with limited resources.

Set to 0 to disable any limits.

max_machines_count = 0

Limit the amount of VMs that are allowed to start in parallel. Generally

speaking starting the VMs is one of the more CPU intensive parts of the

actual analysis. This option tries to avoid maxing out the CPU completely.

max_vmstartup_count = 10

Minimum amount of free space (in MB) available before starting a new task.

This tries to avoid failing an analysis because the reports can't be written

due out-of-diskspace errors. Setting this value to 0 disables the check.

(Note: this feature is currently not supported under Windows.)

freespace = 1024

Temporary directory containing the files uploaded through Cuckoo interfaces

(api.py and Django web interface). Defaults to the default temporary

directory of the operating system (e.g., /tmp on Linux). Overwrite the value

if you'd like to specify an alternative path.

tmppath =

Path to the unix socket for running root commands.

rooter = /tmp/cuckoo-rooter

[feedback]

Cuckoo is capable of sending "developer feedback" to the developers so that

they can more easily improve the project. This functionality also allows the

user to quickly request new features, report bugs, and get in touch with

support in general, etc.

enabled = no name = company = email =

[resultserver]

The Result Server is used to receive in real time the behavioral logs

produced by the analyzer.

Specify the IP address of the host. The analysis machines should be able

to contact the host through such address, so make sure it's valid.

NOTE: if you set resultserver IP to 0.0.0.0 you have to set the option

resultserver_ip for all your virtual machines in machinery configuration.

ip = 192.168.56.1

Specify a port number to bind the result server on.

port = 2042

Force the port chosen above, don't try another one (we can select another

port dynamically if we can not bind this one, but that is not an option

in some setups)

force_port = no

Maximum size of uploaded files from VM (screenshots, dropped files, log).

The value is expressed in bytes, by default 128 MB.

upload_max_size = 134217728

[processing]

Set the maximum size of analyses generated files to process. This is used

to avoid the processing of big files which may take a lot of processing

time. The value is expressed in bytes, by default 128 MB.

analysis_size_limit = 134217728

Enable or disable DNS lookups.

resolve_dns = yes

Enable PCAP sorting, needed for the connection content view in the web interface.

sort_pcap = yes

[database]

Specify the database connection string.

NOTE: If you are using a custom database (different from sqlite), you have to

use utf-8 encoding when issuing the SQL database creation statement.

Examples, see documentation for more:

sqlite:///foo.db

postgresql://foo:bar@localhost:5432/mydatabase

mysql://foo:bar@localhost/mydatabase

If empty, defaults to a SQLite3 database at $CWD/cuckoo.db.

connection =

Database connection timeout in seconds.

If empty, default is set to 60 seconds.

timeout = 60

[timeouts]

Set the default analysis timeout expressed in seconds. This value will be

used to define after how many seconds the analysis will terminate unless

otherwise specified at submission.

default = 120

Set the critical timeout expressed in (relative!) seconds. It will be added

to the default timeout above and after this timeout is hit

Cuckoo will consider the analysis failed and it will shutdown the machine

no matter what. When this happens the analysis results will most likely

be lost.

critical = 60

Maximum time to wait for virtual machine status change. For example when

shutting down a vm. Default is 60 seconds.

vm_state = 60

Additional Information:

The Ubuntu host is a 10. address The Windows guest is a 192. address

If that makes a difference in configuration

Let me know if any other logs or conf files are needed. Thank you!

[doomedraven]

Check link in error

[k3nd0r]

@doomedraven

Thanks for the response,

I have checked that link.

I can confirm I have a host-only adapter No firewalls I have double checked network configuration between vboxnet0 and configuration between guest

My thought is with resultserver_ip and _port. I have tried to configure them in the cuckoo.conf but this leads to further errors.

[doomedraven]

Did you try to curl vm_ip:8000 from host when you start analysis?

[k3nd0r]

I am not able to curl vm_ip:8000 from the host during analysis. I have the agent.py installed in the user startup folder.

[doomedraven]

well if you can't do that that mean what your agent not running correctly, so you should investigate till it will listen in port 8000, obviusly i hope you replaced vm_ip with your real ip

[k3nd0r]

This is the code I have for agent.py:

`#!/usr/bin/env python

Copyright (C) 2015-2017 Cuckoo Foundation.

This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org

See the file 'docs/LICENSE' for copying permission.

import argparse import cgi import io import json import os import platform import re import shutil import stat import subprocess import sys import tempfile import traceback import zipfile

import SimpleHTTPServer import SocketServer

AGENT_VERSION = "0.8" AGENT_FEATURES = [ "execpy", "pinning", "logs", "largefile", "unicodepath", ]

sys.stdout = io.BytesIO() sys.stderr = io.BytesIO()

class MiniHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler): server_version = "Cuckoo Agent"

def do_GET(self):
    request.client_ip, request.client_port = self.client_address
    request.form = {}
    request.files = {}

    if "client_ip" not in state or request.client_ip == state["client_ip"]:
        self.httpd.handle(self)

def do_POST(self):
    environ = {
        "REQUEST_METHOD": "POST",
        "CONTENT_TYPE": self.headers.get("Content-Type"),
    }

    form = cgi.FieldStorage(fp=self.rfile,
                            headers=self.headers,
                            environ=environ)

    request.form = {}
    request.files = {}

    # Another pretty fancy workaround. Since we provide backwards
    # compatibility with the Old Agent we will get an xmlrpc request
    # from the analyzer when the analysis has finished. Now xmlrpc being
    # xmlrpc we're getting text/xml as content-type which cgi does not
    # handle. This check detects when there is no available data rather
    # than getting a hard exception trying to do so.
    if form.list:
        for key in form.keys():
            value = form[key]
            if value.filename:
                request.files[key] = value.file
            else:
                request.form[key] = value.value.decode("utf8")

    if "client_ip" not in state or request.client_ip == state["client_ip"]:
        self.httpd.handle(self)

class MiniHTTPServer(object): def init(self): self.handler = MiniHTTPRequestHandler

    # Reference back to the server.
    self.handler.httpd = self

    self.routes = {
        "GET": [],
        "POST": [],
    }

def run(self, host="0.0.0.0", port=8000):
    self.s = SocketServer.TCPServer((host, port), self.handler)
    self.s.allow_reuse_address = True
    self.s.serve_forever()

def route(self, path, methods=["GET"]):
    def register(fn):
        for method in methods:
            self.routes[method].append((re.compile(path + "$"), fn))
        return fn
    return register

def handle(self, obj):
    for route, fn in self.routes[obj.command]:
        if route.match(obj.path):
            ret = fn()
            break
    else:
        ret = json_error(404, message="Route not found")

    ret.init()
    obj.send_response(ret.status_code)
    ret.headers(obj)
    obj.end_headers()

    if isinstance(ret, jsonify):
        obj.wfile.write(ret.json())
    elif isinstance(ret, send_file):
        ret.write(obj.wfile)

def shutdown(self):
    # BaseServer also features a .shutdown() method, but you can't use
    # that from the same thread as that will deadlock the whole thing.
    self.s._BaseServer__shutdown_request = True

class jsonify(object): """Wrapper that represents Flask.jsonify functionality.""" def init(self, **kwargs): self.status_code = 200 self.values = kwargs

def init(self):
    pass

def json(self):
    return json.dumps(self.values)

def headers(self, obj):
    pass

class send_file(object): """Wrapper that represents Flask.send_file functionality.""" def init(self, path): self.path = path self.status_code = 200

def init(self):
    if not os.path.isfile(self.path):
        self.status_code = 404
        self.length = 0
    else:
        self.length = os.path.getsize(self.path)

def write(self, sock):
    if not self.length:
        return

    with open(self.path, "rb") as f:
        while True:
            buf = f.read(1024 * 1024)
            if not buf:
                break

            sock.write(buf)

def headers(self, obj):
    obj.send_header("Content-Length", self.length)

class request(object): form = {} files = {} client_ip = None client_port = None environ = { "werkzeug.server.shutdown": lambda: app.shutdown(), }

app = MiniHTTPServer() state = {}

def json_error(error_code, message): r = jsonify(message=message, error_code=error_code) r.status_code = error_code return r

def json_exception(message): r = jsonify(message=message, error_code=500, traceback=traceback.format_exc()) r.status_code = 500 return r

def json_success(message, kwargs): return jsonify(message=message, kwargs)

@app.route("/") def get_index(): return json_success( "Cuckoo Agent!", version=AGENT_VERSION, features=AGENT_FEATURES )

@app.route("/status") def get_status(): return json_success("Analysis status", status=state.get("status"), description=state.get("description"))

@app.route("/status", methods=["POST"]) def put_status(): if "status" not in request.form: return json_error(400, "No status has been provided")

state["status"] = request.form["status"]
state["description"] = request.form.get("description")
return json_success("Analysis status updated")

@app.route("/logs") def get_logs(): return json_success( "Agent logs", stdout=sys.stdout.getvalue(), stderr=sys.stderr.getvalue() )

@app.route("/system") def get_system(): return json_success("System", system=platform.system())

@app.route("/environ") def get_environ(): return json_success("Environment variables", environ=dict(os.environ))

@app.route("/path") def get_path(): return json_success("Agent path", filepath=os.path.abspath(file))

@app.route("/mkdir", methods=["POST"]) def do_mkdir(): if "dirpath" not in request.form: return json_error(400, "No dirpath has been provided")

mode = int(request.form.get("mode", 0777))

try:
    os.makedirs(request.form["dirpath"], mode=mode)
except:
    return json_exception("Error creating directory")

return json_success("Successfully created directory")

@app.route("/mktemp", methods=["GET", "POST"]) def do_mktemp(): suffix = request.form.get("suffix", "") prefix = request.form.get("prefix", "tmp") dirpath = request.form.get("dirpath")

try:
    fd, filepath = tempfile.mkstemp(suffix=suffix, prefix=prefix, dir=dirpath)
except:
    return json_exception("Error creating temporary file")

os.close(fd)

return json_success("Successfully created temporary file",
                    filepath=filepath)

@app.route("/mkdtemp", methods=["GET", "POST"]) def do_mkdtemp(): suffix = request.form.get("suffix", "") prefix = request.form.get("prefix", "tmp") dirpath = request.form.get("dirpath")

try:
    dirpath = tempfile.mkdtemp(suffix=suffix, prefix=prefix, dir=dirpath)
except:
    return json_exception("Error creating temporary directory")

return json_success("Successfully created temporary directory",
                    dirpath=dirpath)

@app.route("/store", methods=["POST"]) def do_store(): if "filepath" not in request.form: return json_error(400, "No filepath has been provided")

if "file" not in request.files:
    return json_error(400, "No file has been provided")

try:
    with open(request.form["filepath"], "wb") as f:
        shutil.copyfileobj(request.files["file"], f, 10*1024*1024)
except:
    return json_exception("Error storing file")

return json_success("Successfully stored file")

@app.route("/retrieve", methods=["POST"]) def do_retrieve(): if "filepath" not in request.form: return json_error(400, "No filepath has been provided")

return send_file(request.form["filepath"])

@app.route("/extract", methods=["POST"]) def do_extract(): if "dirpath" not in request.form: return json_error(400, "No dirpath has been provided")

if "zipfile" not in request.files:
    return json_error(400, "No zip file has been provided")

try:
    with zipfile.ZipFile(request.files["zipfile"], "r") as archive:
        archive.extractall(request.form["dirpath"])
except:
    return json_exception("Error extracting zip file")

return json_success("Successfully extracted zip file")

@app.route("/remove", methods=["POST"]) def do_remove(): if "path" not in request.form: return json_error(400, "No path has been provided")

try:
    if os.path.isdir(request.form["path"]):
        # Mark all files as readable so they can be deleted.
        for dirpath, _, filenames in os.walk(request.form["path"]):
            for filename in filenames:
                os.chmod(os.path.join(dirpath, filename), stat.S_IWRITE)

        shutil.rmtree(request.form["path"])
        message = "Successfully deleted directory"
    elif os.path.isfile(request.form["path"]):
        os.chmod(request.form["path"], stat.S_IWRITE)
        os.remove(request.form["path"])
        message = "Successfully deleted file"
    else:
        return json_error(404, "Path provided does not exist")
except:
    return json_exception("Error removing file or directory")

return json_success(message)

@app.route("/execute", methods=["POST"]) def do_execute(): if "command" not in request.form: return json_error(400, "No command has been provided")

# Execute the command asynchronously? As a shell command?
async = "async" in request.form
shell = "shell" in request.form

cwd = request.form.get("cwd")
stdout = stderr = None

try:
    if async:
        subprocess.Popen(request.form["command"], shell=shell, cwd=cwd)
    else:
        p = subprocess.Popen(
            request.form["command"], shell=shell, cwd=cwd,
            stdout=subprocess.PIPE, stderr=subprocess.PIPE
        )
        stdout, stderr = p.communicate()
except:
    return json_exception("Error executing command")

return json_success("Successfully executed command",
                    stdout=stdout, stderr=stderr)

@app.route("/execpy", methods=["POST"]) def do_execpy(): if "filepath" not in request.form: return json_error(400, "No Python file has been provided")

# Execute the command asynchronously? As a shell command?
async = "async" in request.form

cwd = request.form.get("cwd")
stdout = stderr = None

args = [
    sys.executable,
    request.form["filepath"],
]

try:
    if async:
        subprocess.Popen(args, cwd=cwd)
    else:
        p = subprocess.Popen(args, cwd=cwd,
                             stdout=subprocess.PIPE,
                             stderr=subprocess.PIPE)
        stdout, stderr = p.communicate()
except:
    return json_exception("Error executing command")

return json_success("Successfully executed command",
                    stdout=stdout, stderr=stderr)

@app.route("/pinning") def do_pinning(): if "client_ip" in state: return json_error(500, "Agent has already been pinned to an IP!")

state["client_ip"] = request.client_ip
return json_success("Successfully pinned Agent",
                    client_ip=request.client_ip)

@app.route("/kill") def do_kill(): shutdown = request.environ.get("werkzeug.server.shutdown") if shutdown is None: return json_error(500, "Not running with the Werkzeug server")

shutdown()
return json_success("Quit the Cuckoo Agent")

if name == "main": parser = argparse.ArgumentParser() parser.add_argument("host", nargs="?", default="0.0.0.0") parser.add_argument("port", nargs="?", default="8000") args = parser.parse_args()

app.run(host=args.host, port=int(args.port))`

I have it in the user startup folder on my Windows 10 guest. I have python 2 installed, and it is in the path. When I run the agent.py from file explorer on windows, there is not output to the terminal screen (which i have seen in images of other cuckoo instances online).

[doomedraven]

is bcz no communication, also if you see a window of agent that is bad instalation, should be .pyw(no window) not .py

and code of agent we don't need it its in repo, so just if you can't use curl, than you have problems wiht networking setup

[k3nd0r]

Any thoughts on what it may be? I can ping back and forth from the host and vm no problem

[doomedraven]

ping is useless! only curl to vm_ip:8000 is important, if that doesn't work that means or network problem, but if ping works, means you didn't start agent correctly, like did you put on startup folder of admin and rebooted vm and saved in running state?

[k3nd0r]

It is located in the "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" folder

[doomedraven]

you have response to your problem in my last comment

[k3nd0r]

So just to be sure I am running this correctly:

• I have the agent in the startup folder, and am restarting the system to ensure it is running on boot.
• Shut down system, take snapshot
• Then run cuckoo and cuckoo web runserver
• Then analyze file/url via browser console

Please let me know if I am doing something incorrect. Slightly confused when you said 'saved in running state' if that means snapshot or to save state

Thanks

[doomedraven]

FAIL Shut down system, take snapshot

RUNNING STATE

the rest is fine

[k3nd0r]

cuckoo -d output:

                           ),-.     /

Cuckoo Sandbox <(a ---',' no chance for malwares! (-, .> ) ) >.__/ /

Cuckoo Sandbox 2.0.5 www.cuckoosandbox.org Copyright (c) 2010-2017

Checking for updates... Error checking for the latest Cuckoo version: HTTPSConnectionPool(host='cuckoosandbox.org', port=443): Max retries exceeded with url: /updates.json?version=2.0.5 (Caused by ConnectTimeoutError(<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f597987ed50>, 'Connection to cuckoosandbox.org timed out. (connect timeout=6)'))! 2018-05-22 12:00:18,538 [cuckoo.core.startup] DEBUG: Imported modules... 2018-05-22 12:00:18,542 [cuckoo.core.startup] DEBUG: Imported "auxiliary" modules: 2018-05-22 12:00:18,542 [cuckoo.core.startup] DEBUG: |-- MITM 2018-05-22 12:00:18,542 [cuckoo.core.startup] DEBUG: |-- Reboot 2018-05-22 12:00:18,542 [cuckoo.core.startup] DEBUG: |-- Services 2018-05-22 12:00:18,543 [cuckoo.core.startup] DEBUG: -- Sniffer 2018-05-22 12:00:18,543 [cuckoo.core.startup] DEBUG: Imported "machinery" modules: 2018-05-22 12:00:18,543 [cuckoo.core.startup] DEBUG: |-- vSphere 2018-05-22 12:00:18,543 [cuckoo.core.startup] DEBUG: |-- KVM 2018-05-22 12:00:18,543 [cuckoo.core.startup] DEBUG: |-- ESX 2018-05-22 12:00:18,543 [cuckoo.core.startup] DEBUG: |-- XenServer 2018-05-22 12:00:18,543 [cuckoo.core.startup] DEBUG: |-- VirtualBox 2018-05-22 12:00:18,543 [cuckoo.core.startup] DEBUG: |-- Avd 2018-05-22 12:00:18,543 [cuckoo.core.startup] DEBUG: |-- QEMU 2018-05-22 12:00:18,543 [cuckoo.core.startup] DEBUG: |-- VMware 2018-05-22 12:00:18,544 [cuckoo.core.startup] DEBUG:-- Physical 2018-05-22 12:00:18,544 [cuckoo.core.startup] DEBUG: Imported "processing" modules: 2018-05-22 12:00:18,544 [cuckoo.core.startup] DEBUG: |-- AnalysisInfo 2018-05-22 12:00:18,544 [cuckoo.core.startup] DEBUG: |-- ApkInfo 2018-05-22 12:00:18,544 [cuckoo.core.startup] DEBUG: |-- Baseline 2018-05-22 12:00:18,544 [cuckoo.core.startup] DEBUG: |-- BehaviorAnalysis 2018-05-22 12:00:18,544 [cuckoo.core.startup] DEBUG: |-- Debug 2018-05-22 12:00:18,544 [cuckoo.core.startup] DEBUG: |-- Droidmon 2018-05-22 12:00:18,544 [cuckoo.core.startup] DEBUG: |-- Dropped 2018-05-22 12:00:18,545 [cuckoo.core.startup] DEBUG: |-- DroppedBuffer 2018-05-22 12:00:18,545 [cuckoo.core.startup] DEBUG: |-- Extracted 2018-05-22 12:00:18,545 [cuckoo.core.startup] DEBUG: |-- GooglePlay 2018-05-22 12:00:18,545 [cuckoo.core.startup] DEBUG: |-- Irma 2018-05-22 12:00:18,545 [cuckoo.core.startup] DEBUG: |-- Memory 2018-05-22 12:00:18,545 [cuckoo.core.startup] DEBUG: |-- MetaInfo 2018-05-22 12:00:18,545 [cuckoo.core.startup] DEBUG: |-- MISP 2018-05-22 12:00:18,545 [cuckoo.core.startup] DEBUG: |-- NetworkAnalysis 2018-05-22 12:00:18,545 [cuckoo.core.startup] DEBUG: |-- ProcessMemory 2018-05-22 12:00:18,545 [cuckoo.core.startup] DEBUG: |-- Procmon 2018-05-22 12:00:18,546 [cuckoo.core.startup] DEBUG: |-- Screenshots 2018-05-22 12:00:18,546 [cuckoo.core.startup] DEBUG: |-- Snort 2018-05-22 12:00:18,546 [cuckoo.core.startup] DEBUG: |-- Static 2018-05-22 12:00:18,546 [cuckoo.core.startup] DEBUG: |-- Strings 2018-05-22 12:00:18,546 [cuckoo.core.startup] DEBUG: |-- Suricata 2018-05-22 12:00:18,546 [cuckoo.core.startup] DEBUG: |-- TargetInfo 2018-05-22 12:00:18,546 [cuckoo.core.startup] DEBUG: |-- TLSMasterSecrets 2018-05-22 12:00:18,546 [cuckoo.core.startup] DEBUG: -- VirusTotal 2018-05-22 12:00:18,546 [cuckoo.core.startup] DEBUG: Imported "signatures" modules: 2018-05-22 12:00:18,546 [cuckoo.core.startup] DEBUG: |-- AndroidAbortBroadcast 2018-05-22 12:00:18,547 [cuckoo.core.startup] DEBUG: |-- AndroidAccountInfo 2018-05-22 12:00:18,547 [cuckoo.core.startup] DEBUG: |-- AndroidAppInfo 2018-05-22 12:00:18,547 [cuckoo.core.startup] DEBUG: |-- AndroidAudio 2018-05-22 12:00:18,547 [cuckoo.core.startup] DEBUG: |-- AndroidCamera 2018-05-22 12:00:18,547 [cuckoo.core.startup] DEBUG: |-- AndroidDangerousPermissions 2018-05-22 12:00:18,547 [cuckoo.core.startup] DEBUG: |-- AndroidDeletedApp 2018-05-22 12:00:18,547 [cuckoo.core.startup] DEBUG: |-- AndroidDynamicCode 2018-05-22 12:00:18,547 [cuckoo.core.startup] DEBUG: |-- AndroidEmbeddedApk 2018-05-22 12:00:18,547 [cuckoo.core.startup] DEBUG: |-- AndroidGooglePlayDiff 2018-05-22 12:00:18,548 [cuckoo.core.startup] DEBUG: |-- AndroidInstalledApps 2018-05-22 12:00:18,548 [cuckoo.core.startup] DEBUG: |-- AndroidNativeCode 2018-05-22 12:00:18,548 [cuckoo.core.startup] DEBUG: |-- AndroidPhoneNumber 2018-05-22 12:00:18,548 [cuckoo.core.startup] DEBUG: |-- AndroidPrivateInfoQuery 2018-05-22 12:00:18,548 [cuckoo.core.startup] DEBUG: |-- AndroidReflectionCode 2018-05-22 12:00:18,548 [cuckoo.core.startup] DEBUG: |-- AndroidRegisteredReceiver 2018-05-22 12:00:18,548 [cuckoo.core.startup] DEBUG: |-- AndroidShellCommands 2018-05-22 12:00:18,548 [cuckoo.core.startup] DEBUG: |-- AndroidSMS 2018-05-22 12:00:18,548 [cuckoo.core.startup] DEBUG: |-- AndroidStopProcess 2018-05-22 12:00:18,548 [cuckoo.core.startup] DEBUG: |-- ApplicationUsesLocation 2018-05-22 12:00:18,549 [cuckoo.core.startup] DEBUG: |-- KnownVirustotal 2018-05-22 12:00:18,549 [cuckoo.core.startup] DEBUG: |-- AntiAnalysisJavascript 2018-05-22 12:00:18,549 [cuckoo.core.startup] DEBUG: |-- DumpedBuffer 2018-05-22 12:00:18,549 [cuckoo.core.startup] DEBUG: |-- DumpedBuffer2 2018-05-22 12:00:18,549 [cuckoo.core.startup] DEBUG: |-- EncryptionKeys 2018-05-22 12:00:18,549 [cuckoo.core.startup] DEBUG: |-- EvalJS 2018-05-22 12:00:18,549 [cuckoo.core.startup] DEBUG: |-- HtmlFlash 2018-05-22 12:00:18,549 [cuckoo.core.startup] DEBUG: |-- JsIframe 2018-05-22 12:00:18,549 [cuckoo.core.startup] DEBUG: |-- PDFAttachments 2018-05-22 12:00:18,550 [cuckoo.core.startup] DEBUG: |-- PDFJavaScript 2018-05-22 12:00:18,550 [cuckoo.core.startup] DEBUG: |-- PDFOpenAction 2018-05-22 12:00:18,550 [cuckoo.core.startup] DEBUG: |-- PDFOpenActionJS 2018-05-22 12:00:18,550 [cuckoo.core.startup] DEBUG: |-- SuspiciousJavascript 2018-05-22 12:00:18,550 [cuckoo.core.startup] DEBUG: |-- DarwinCodeInjection 2018-05-22 12:00:18,550 [cuckoo.core.startup] DEBUG: |-- TaskForPid 2018-05-22 12:00:18,550 [cuckoo.core.startup] DEBUG: |-- DeadHost 2018-05-22 12:00:18,550 [cuckoo.core.startup] DEBUG: |-- NetworkBIND 2018-05-22 12:00:18,550 [cuckoo.core.startup] DEBUG: |-- NetworkCnCHTTP 2018-05-22 12:00:18,550 [cuckoo.core.startup] DEBUG: |-- NetworkDNSTXTLookup 2018-05-22 12:00:18,551 [cuckoo.core.startup] DEBUG: |-- NetworkDynDNS 2018-05-22 12:00:18,551 [cuckoo.core.startup] DEBUG: |-- NetworkHTTP 2018-05-22 12:00:18,551 [cuckoo.core.startup] DEBUG: |-- NetworkHTTPPOST 2018-05-22 12:00:18,551 [cuckoo.core.startup] DEBUG: |-- NetworkICMP 2018-05-22 12:00:18,551 [cuckoo.core.startup] DEBUG: |-- NetworkIRC 2018-05-22 12:00:18,551 [cuckoo.core.startup] DEBUG: |-- NetworkSMTP 2018-05-22 12:00:18,551 [cuckoo.core.startup] DEBUG: |-- NoLookupCommunication 2018-05-22 12:00:18,551 [cuckoo.core.startup] DEBUG: |-- P2PCnC 2018-05-22 12:00:18,551 [cuckoo.core.startup] DEBUG: |-- SnortAlert 2018-05-22 12:00:18,552 [cuckoo.core.startup] DEBUG: |-- SuricataAlert 2018-05-22 12:00:18,552 [cuckoo.core.startup] DEBUG: |-- Suspicious_TLD 2018-05-22 12:00:18,552 [cuckoo.core.startup] DEBUG: |-- TorGateway 2018-05-22 12:00:18,552 [cuckoo.core.startup] DEBUG: |-- WscriptDownloader 2018-05-22 12:00:18,552 [cuckoo.core.startup] DEBUG: |-- AddsUser 2018-05-22 12:00:18,552 [cuckoo.core.startup] DEBUG: |-- AddsUserAdmin 2018-05-22 12:00:18,552 [cuckoo.core.startup] DEBUG: |-- ADS 2018-05-22 12:00:18,552 [cuckoo.core.startup] DEBUG: |-- Adzok 2018-05-22 12:00:18,553 [cuckoo.core.startup] DEBUG: |-- AlinaFile 2018-05-22 12:00:18,553 [cuckoo.core.startup] DEBUG: |-- AlineURL 2018-05-22 12:00:18,553 [cuckoo.core.startup] DEBUG: |-- AllocatesExecuteRemoteProccess 2018-05-22 12:00:18,553 [cuckoo.core.startup] DEBUG: |-- AllocatesRWX 2018-05-22 12:00:18,553 [cuckoo.core.startup] DEBUG: |-- AmsiBypass 2018-05-22 12:00:18,553 [cuckoo.core.startup] DEBUG: |-- Andromeda 2018-05-22 12:00:18,554 [cuckoo.core.startup] DEBUG: |-- AntiAnalysisDetectFile 2018-05-22 12:00:18,554 [cuckoo.core.startup] DEBUG: |-- AntiAVDetectFile 2018-05-22 12:00:18,554 [cuckoo.core.startup] DEBUG: |-- AntiAVDetectReg 2018-05-22 12:00:18,554 [cuckoo.core.startup] DEBUG: |-- AntiAVServiceStop 2018-05-22 12:00:18,554 [cuckoo.core.startup] DEBUG: |-- AntiAVSRP 2018-05-22 12:00:18,554 [cuckoo.core.startup] DEBUG: |-- AntiDBGDevices 2018-05-22 12:00:18,555 [cuckoo.core.startup] DEBUG: |-- AntiDBGWindows 2018-05-22 12:00:18,555 [cuckoo.core.startup] DEBUG: |-- AntisandboxClipboard 2018-05-22 12:00:18,555 [cuckoo.core.startup] DEBUG: |-- AntiSandboxFile 2018-05-22 12:00:18,555 [cuckoo.core.startup] DEBUG: |-- AntiSandboxForegroundWindow 2018-05-22 12:00:18,555 [cuckoo.core.startup] DEBUG: |-- AntiSandboxIdleTime 2018-05-22 12:00:18,555 [cuckoo.core.startup] DEBUG: |-- AntiSandboxRestart 2018-05-22 12:00:18,555 [cuckoo.core.startup] DEBUG: |-- AntiSandboxSleep 2018-05-22 12:00:18,555 [cuckoo.core.startup] DEBUG: |-- AntiVirusIRMA 2018-05-22 12:00:18,555 [cuckoo.core.startup] DEBUG: |-- AntiVMBios 2018-05-22 12:00:18,556 [cuckoo.core.startup] DEBUG: |-- AntiVMComputernameQuery 2018-05-22 12:00:18,556 [cuckoo.core.startup] DEBUG: |-- AntiVMCPU 2018-05-22 12:00:18,556 [cuckoo.core.startup] DEBUG: |-- AntiVMDiskSize 2018-05-22 12:00:18,556 [cuckoo.core.startup] DEBUG: |-- AntiVMIDE 2018-05-22 12:00:18,556 [cuckoo.core.startup] DEBUG: |-- AntiVMSCSI 2018-05-22 12:00:18,556 [cuckoo.core.startup] DEBUG: |-- AntiVMServices 2018-05-22 12:00:18,556 [cuckoo.core.startup] DEBUG: |-- AntiVMSharedDevice 2018-05-22 12:00:18,556 [cuckoo.core.startup] DEBUG: |-- ApplicationExceptionCrash 2018-05-22 12:00:18,556 [cuckoo.core.startup] DEBUG: |-- AppLockerBypass 2018-05-22 12:00:18,556 [cuckoo.core.startup] DEBUG: |-- APT_Carbunak 2018-05-22 12:00:18,557 [cuckoo.core.startup] DEBUG: |-- APT_CloudAtlas 2018-05-22 12:00:18,557 [cuckoo.core.startup] DEBUG: |-- apt_sandworm_ip 2018-05-22 12:00:18,557 [cuckoo.core.startup] DEBUG: |-- apt_sandworm_url 2018-05-22 12:00:18,557 [cuckoo.core.startup] DEBUG: |-- ArdamaxMutexes 2018-05-22 12:00:18,557 [cuckoo.core.startup] DEBUG: |-- AthenaHttp 2018-05-22 12:00:18,557 [cuckoo.core.startup] DEBUG: |-- AthenaURL 2018-05-22 12:00:18,557 [cuckoo.core.startup] DEBUG: |-- Autorun 2018-05-22 12:00:18,557 [cuckoo.core.startup] DEBUG: |-- AvastDetectLibs 2018-05-22 12:00:18,557 [cuckoo.core.startup] DEBUG: |-- AVDetectionChinaKey 2018-05-22 12:00:18,558 [cuckoo.core.startup] DEBUG: |-- BadCerts 2018-05-22 12:00:18,558 [cuckoo.core.startup] DEBUG: |-- Bagle 2018-05-22 12:00:18,558 [cuckoo.core.startup] DEBUG: |-- Bandook 2018-05-22 12:00:18,558 [cuckoo.core.startup] DEBUG: |-- banker_bancos 2018-05-22 12:00:18,558 [cuckoo.core.startup] DEBUG: |-- BankingMutexes 2018-05-22 12:00:18,558 [cuckoo.core.startup] DEBUG: |-- Banload 2018-05-22 12:00:18,558 [cuckoo.core.startup] DEBUG: |-- Beastdoor 2018-05-22 12:00:18,558 [cuckoo.core.startup] DEBUG: |-- BeebusMutexes 2018-05-22 12:00:18,558 [cuckoo.core.startup] DEBUG: |-- BegseabugTDMutexes 2018-05-22 12:00:18,558 [cuckoo.core.startup] DEBUG: |-- BetabotURL 2018-05-22 12:00:18,559 [cuckoo.core.startup] DEBUG: |-- Bifrose 2018-05-22 12:00:18,559 [cuckoo.core.startup] DEBUG: |-- BitcoinOpenCL 2018-05-22 12:00:18,559 [cuckoo.core.startup] DEBUG: |-- BitcoinWallet 2018-05-22 12:00:18,559 [cuckoo.core.startup] DEBUG: |-- BitdefenderDetectLibs 2018-05-22 12:00:18,559 [cuckoo.core.startup] DEBUG: |-- BlackEnergyMutexes 2018-05-22 12:00:18,559 [cuckoo.core.startup] DEBUG: |-- Blackhole 2018-05-22 12:00:18,559 [cuckoo.core.startup] DEBUG: |-- BlackholeURL 2018-05-22 12:00:18,559 [cuckoo.core.startup] DEBUG: |-- Blackice 2018-05-22 12:00:18,559 [cuckoo.core.startup] DEBUG: |-- BlackposURL 2018-05-22 12:00:18,560 [cuckoo.core.startup] DEBUG: |-- BlackRevMutexes 2018-05-22 12:00:18,560 [cuckoo.core.startup] DEBUG: |-- Blackshades 2018-05-22 12:00:18,560 [cuckoo.core.startup] DEBUG: |-- BladabindiMutexes 2018-05-22 12:00:18,560 [cuckoo.core.startup] DEBUG: |-- BochsDetectKeys 2018-05-22 12:00:18,560 [cuckoo.core.startup] DEBUG: |-- Bootkit 2018-05-22 12:00:18,560 [cuckoo.core.startup] DEBUG: |-- Bottilda 2018-05-22 12:00:18,560 [cuckoo.core.startup] DEBUG: |-- BozokKey 2018-05-22 12:00:18,560 [cuckoo.core.startup] DEBUG: |-- browser_startpage 2018-05-22 12:00:18,560 [cuckoo.core.startup] DEBUG: |-- BrowserSecurity 2018-05-22 12:00:18,560 [cuckoo.core.startup] DEBUG: |-- BrowserStealer 2018-05-22 12:00:18,561 [cuckoo.core.startup] DEBUG: |-- Btcbotnet 2018-05-22 12:00:18,561 [cuckoo.core.startup] DEBUG: |-- Bublik 2018-05-22 12:00:18,561 [cuckoo.core.startup] DEBUG: |-- BuildLangID 2018-05-22 12:00:18,561 [cuckoo.core.startup] DEBUG: |-- BuzusMutexes 2018-05-22 12:00:18,561 [cuckoo.core.startup] DEBUG: |-- BypassFirewall 2018-05-22 12:00:18,561 [cuckoo.core.startup] DEBUG: |-- c24URL 2018-05-22 12:00:18,561 [cuckoo.core.startup] DEBUG: |-- CarberpMutexes 2018-05-22 12:00:18,561 [cuckoo.core.startup] DEBUG: |-- Ceatrg 2018-05-22 12:00:18,561 [cuckoo.core.startup] DEBUG: |-- ChanitorMutexes 2018-05-22 12:00:18,561 [cuckoo.core.startup] DEBUG: |-- CheckIP 2018-05-22 12:00:18,562 [cuckoo.core.startup] DEBUG: |-- ChecksDebugger 2018-05-22 12:00:18,562 [cuckoo.core.startup] DEBUG: |-- ChecksKernelDebugger 2018-05-22 12:00:18,562 [cuckoo.core.startup] DEBUG: |-- ClearPermissionEventLogs 2018-05-22 12:00:18,562 [cuckoo.core.startup] DEBUG: |-- ClearsEventLogs 2018-05-22 12:00:18,562 [cuckoo.core.startup] DEBUG: |-- ClickfraudCookies 2018-05-22 12:00:18,562 [cuckoo.core.startup] DEBUG: |-- cloud_mediafire 2018-05-22 12:00:18,562 [cuckoo.core.startup] DEBUG: |-- cloud_wetransfer 2018-05-22 12:00:18,562 [cuckoo.core.startup] DEBUG: |-- CloudFlare 2018-05-22 12:00:18,562 [cuckoo.core.startup] DEBUG: |-- CloudGoogle 2018-05-22 12:00:18,562 [cuckoo.core.startup] DEBUG: |-- CoinminerMutexes 2018-05-22 12:00:18,563 [cuckoo.core.startup] DEBUG: |-- ComRAT 2018-05-22 12:00:18,563 [cuckoo.core.startup] DEBUG: |-- ConsoleOutput 2018-05-22 12:00:18,563 [cuckoo.core.startup] DEBUG: |-- Crash 2018-05-22 12:00:18,563 [cuckoo.core.startup] DEBUG: |-- CreatesAutorunInf 2018-05-22 12:00:18,563 [cuckoo.core.startup] DEBUG: |-- CreatesDocument 2018-05-22 12:00:18,563 [cuckoo.core.startup] DEBUG: |-- CreatesExe 2018-05-22 12:00:18,563 [cuckoo.core.startup] DEBUG: |-- CreatesHiddenFile 2018-05-22 12:00:18,563 [cuckoo.core.startup] DEBUG: |-- CreatesLargeKey 2018-05-22 12:00:18,563 [cuckoo.core.startup] DEBUG: |-- CreatesNullRegistryEntry 2018-05-22 12:00:18,563 [cuckoo.core.startup] DEBUG: |-- CreatesService 2018-05-22 12:00:18,564 [cuckoo.core.startup] DEBUG: |-- CreatesShortcut 2018-05-22 12:00:18,564 [cuckoo.core.startup] DEBUG: |-- CreatesSuspiciousProcess 2018-05-22 12:00:18,564 [cuckoo.core.startup] DEBUG: |-- CredentialDumpingLsass 2018-05-22 12:00:18,564 [cuckoo.core.startup] DEBUG: |-- CredentialDumpingLsassAccess 2018-05-22 12:00:18,564 [cuckoo.core.startup] DEBUG: |-- Cridex 2018-05-22 12:00:18,564 [cuckoo.core.startup] DEBUG: |-- CryptGenKey 2018-05-22 12:00:18,564 [cuckoo.core.startup] DEBUG: |-- Cryptolocker 2018-05-22 12:00:18,564 [cuckoo.core.startup] DEBUG: |-- CryptoMiningStratumCommand 2018-05-22 12:00:18,564 [cuckoo.core.startup] DEBUG: |-- CuckooDetectFiles 2018-05-22 12:00:18,564 [cuckoo.core.startup] DEBUG: |-- Cybergate 2018-05-22 12:00:18,565 [cuckoo.core.startup] DEBUG: |-- Dapato 2018-05-22 12:00:18,565 [cuckoo.core.startup] DEBUG: |-- Darkcloud 2018-05-22 12:00:18,565 [cuckoo.core.startup] DEBUG: |-- DarkddosMutexes 2018-05-22 12:00:18,565 [cuckoo.core.startup] DEBUG: |-- Darkshell 2018-05-22 12:00:18,565 [cuckoo.core.startup] DEBUG: |-- Ddos556 2018-05-22 12:00:18,565 [cuckoo.core.startup] DEBUG: |-- Decay 2018-05-22 12:00:18,565 [cuckoo.core.startup] DEBUG: |-- DecebalMutexes 2018-05-22 12:00:18,565 [cuckoo.core.startup] DEBUG: |-- DeepFreezeMutex 2018-05-22 12:00:18,565 [cuckoo.core.startup] DEBUG: |-- DeletesExecutedFiles 2018-05-22 12:00:18,565 [cuckoo.core.startup] DEBUG: |-- DelfTrojan 2018-05-22 12:00:18,566 [cuckoo.core.startup] DEBUG: |-- DEPHeapBypass 2018-05-22 12:00:18,566 [cuckoo.core.startup] DEBUG: |-- DEPStackBypass 2018-05-22 12:00:18,566 [cuckoo.core.startup] DEBUG: |-- DerusbiMutexes 2018-05-22 12:00:18,566 [cuckoo.core.startup] DEBUG: |-- Dexter 2018-05-22 12:00:18,566 [cuckoo.core.startup] DEBUG: |-- Dibik 2018-05-22 12:00:18,566 [cuckoo.core.startup] DEBUG: |-- DirtJumper 2018-05-22 12:00:18,566 [cuckoo.core.startup] DEBUG: |-- DisableCmd 2018-05-22 12:00:18,566 [cuckoo.core.startup] DEBUG: |-- DisableRegedit 2018-05-22 12:00:18,566 [cuckoo.core.startup] DEBUG: |-- DisablesAppLaunch 2018-05-22 12:00:18,566 [cuckoo.core.startup] DEBUG: |-- DisablesBrowserWarn 2018-05-22 12:00:18,567 [cuckoo.core.startup] DEBUG: |-- DisablesIEHTTP2 2018-05-22 12:00:18,567 [cuckoo.core.startup] DEBUG: |-- DisablesProxy 2018-05-22 12:00:18,567 [cuckoo.core.startup] DEBUG: |-- DisablesSecurity 2018-05-22 12:00:18,567 [cuckoo.core.startup] DEBUG: |-- DisablesSPDYChrome 2018-05-22 12:00:18,567 [cuckoo.core.startup] DEBUG: |-- DisablesSPDYFirefox 2018-05-22 12:00:18,567 [cuckoo.core.startup] DEBUG: |-- DisablesSPDYIE 2018-05-22 12:00:18,567 [cuckoo.core.startup] DEBUG: |-- DisablesSystemRestore 2018-05-22 12:00:18,567 [cuckoo.core.startup] DEBUG: |-- DisablesWER 2018-05-22 12:00:18,567 [cuckoo.core.startup] DEBUG: |-- DisablesWindowsUpdate 2018-05-22 12:00:18,567 [cuckoo.core.startup] DEBUG: |-- DisableTaskMgr 2018-05-22 12:00:18,568 [cuckoo.core.startup] DEBUG: |-- DiskInformation 2018-05-22 12:00:18,568 [cuckoo.core.startup] DEBUG: |-- Dns_Freehosting_Domain 2018-05-22 12:00:18,568 [cuckoo.core.startup] DEBUG: |-- dnsserver_dynamic 2018-05-22 12:00:18,568 [cuckoo.core.startup] DEBUG: |-- DocumentClose 2018-05-22 12:00:18,568 [cuckoo.core.startup] DEBUG: |-- DocumentOpen 2018-05-22 12:00:18,568 [cuckoo.core.startup] DEBUG: |-- DoFoil 2018-05-22 12:00:18,568 [cuckoo.core.startup] DEBUG: |-- DownloaderCabby 2018-05-22 12:00:18,568 [cuckoo.core.startup] DEBUG: |-- Dridex_APIs 2018-05-22 12:00:18,568 [cuckoo.core.startup] DEBUG: |-- Drive 2018-05-22 12:00:18,568 [cuckoo.core.startup] DEBUG: |-- Drive2 2018-05-22 12:00:18,569 [cuckoo.core.startup] DEBUG: |-- DriverLoad 2018-05-22 12:00:18,569 [cuckoo.core.startup] DEBUG: |-- DropBox 2018-05-22 12:00:18,569 [cuckoo.core.startup] DEBUG: |-- Dropper 2018-05-22 12:00:18,569 [cuckoo.core.startup] DEBUG: |-- Dyreza 2018-05-22 12:00:18,569 [cuckoo.core.startup] DEBUG: |-- EclipseMutexes 2018-05-22 12:00:18,569 [cuckoo.core.startup] DEBUG: |-- Emotet 2018-05-22 12:00:18,569 [cuckoo.core.startup] DEBUG: |-- Emotet_APIs 2018-05-22 12:00:18,569 [cuckoo.core.startup] DEBUG: |-- Evilbot 2018-05-22 12:00:18,569 [cuckoo.core.startup] DEBUG: |-- ExeAppData 2018-05-22 12:00:18,569 [cuckoo.core.startup] DEBUG: |-- ExecBitsAdmin 2018-05-22 12:00:18,570 [cuckoo.core.startup] DEBUG: |-- ExecWaitFor 2018-05-22 12:00:18,570 [cuckoo.core.startup] DEBUG: |-- exp_3322_dom 2018-05-22 12:00:18,570 [cuckoo.core.startup] DEBUG: |-- Expiro 2018-05-22 12:00:18,570 [cuckoo.core.startup] DEBUG: |-- ExploitHeapspray 2018-05-22 12:00:18,570 [cuckoo.core.startup] DEBUG: |-- ExploitKitMutexes 2018-05-22 12:00:18,570 [cuckoo.core.startup] DEBUG: |-- FakeAVMutexes 2018-05-22 12:00:18,570 [cuckoo.core.startup] DEBUG: |-- FakeAVMutexes 2018-05-22 12:00:18,570 [cuckoo.core.startup] DEBUG: |-- FakeRean 2018-05-22 12:00:18,570 [cuckoo.core.startup] DEBUG: |-- FarFli 2018-05-22 12:00:18,570 [cuckoo.core.startup] DEBUG: |-- FesberMutexes 2018-05-22 12:00:18,571 [cuckoo.core.startup] DEBUG: |-- Fingerprint 2018-05-22 12:00:18,571 [cuckoo.core.startup] DEBUG: |-- Flame 2018-05-22 12:00:18,571 [cuckoo.core.startup] DEBUG: |-- Flystudio 2018-05-22 12:00:18,571 [cuckoo.core.startup] DEBUG: |-- FortinetDetectFiles 2018-05-22 12:00:18,571 [cuckoo.core.startup] DEBUG: |-- FTPStealer 2018-05-22 12:00:18,571 [cuckoo.core.startup] DEBUG: |-- Fynloski 2018-05-22 12:00:18,571 [cuckoo.core.startup] DEBUG: |-- Gaelicum 2018-05-22 12:00:18,571 [cuckoo.core.startup] DEBUG: |-- Ghostbot 2018-05-22 12:00:18,571 [cuckoo.core.startup] DEBUG: |-- HasAuthenticode 2018-05-22 12:00:18,571 [cuckoo.core.startup] DEBUG: |-- HasOfficeEps 2018-05-22 12:00:18,572 [cuckoo.core.startup] DEBUG: |-- HasPdb 2018-05-22 12:00:18,572 [cuckoo.core.startup] DEBUG: |-- HasWMI 2018-05-22 12:00:18,572 [cuckoo.core.startup] DEBUG: |-- Hesperbot 2018-05-22 12:00:18,572 [cuckoo.core.startup] DEBUG: |-- Hidden_Window 2018-05-22 12:00:18,572 [cuckoo.core.startup] DEBUG: |-- Hikit 2018-05-22 12:00:18,572 [cuckoo.core.startup] DEBUG: |-- HookMouse 2018-05-22 12:00:18,572 [cuckoo.core.startup] DEBUG: |-- Hupigon 2018-05-22 12:00:18,572 [cuckoo.core.startup] DEBUG: |-- HyperVDetectKeys 2018-05-22 12:00:18,572 [cuckoo.core.startup] DEBUG: |-- IcePoint 2018-05-22 12:00:18,572 [cuckoo.core.startup] DEBUG: |-- im_btb 2018-05-22 12:00:18,573 [cuckoo.core.startup] DEBUG: |-- im_qq 2018-05-22 12:00:18,573 [cuckoo.core.startup] DEBUG: |-- IMStealer 2018-05-22 12:00:18,573 [cuckoo.core.startup] DEBUG: |-- InceptionAPT 2018-05-22 12:00:18,573 [cuckoo.core.startup] DEBUG: |-- Infinity 2018-05-22 12:00:18,573 [cuckoo.core.startup] DEBUG: |-- InfoStealerClipboard 2018-05-22 12:00:18,573 [cuckoo.core.startup] DEBUG: |-- InjectionCreateRemoteThread 2018-05-22 12:00:18,573 [cuckoo.core.startup] DEBUG: |-- InjectionExplorer 2018-05-22 12:00:18,573 [cuckoo.core.startup] DEBUG: |-- InjectionModifiesMemory 2018-05-22 12:00:18,573 [cuckoo.core.startup] DEBUG: |-- InjectionNetworkTraffic 2018-05-22 12:00:18,573 [cuckoo.core.startup] DEBUG: |-- InjectionProcessSearch 2018-05-22 12:00:18,574 [cuckoo.core.startup] DEBUG: |-- InjectionQueueApcThread 2018-05-22 12:00:18,574 [cuckoo.core.startup] DEBUG: |-- InjectionRunPE 2018-05-22 12:00:18,574 [cuckoo.core.startup] DEBUG: |-- InjectionWriteMemory 2018-05-22 12:00:18,574 [cuckoo.core.startup] DEBUG: |-- InjectionWriteMemoryEXE 2018-05-22 12:00:18,574 [cuckoo.core.startup] DEBUG: |-- InstalledApps 2018-05-22 12:00:18,574 [cuckoo.core.startup] DEBUG: |-- InstallsAppInit 2018-05-22 12:00:18,574 [cuckoo.core.startup] DEBUG: |-- InstallsBHO 2018-05-22 12:00:18,574 [cuckoo.core.startup] DEBUG: |-- InstallsWinpcap 2018-05-22 12:00:18,574 [cuckoo.core.startup] DEBUG: |-- IPKillerMutexes 2018-05-22 12:00:18,574 [cuckoo.core.startup] DEBUG: |-- Ircbrute 2018-05-22 12:00:18,575 [cuckoo.core.startup] DEBUG: |-- ISRstealerURL 2018-05-22 12:00:18,575 [cuckoo.core.startup] DEBUG: |-- iStealerURL 2018-05-22 12:00:18,575 [cuckoo.core.startup] DEBUG: |-- JackPOSFile 2018-05-22 12:00:18,575 [cuckoo.core.startup] DEBUG: |-- JackposURL 2018-05-22 12:00:18,575 [cuckoo.core.startup] DEBUG: |-- JavaScriptCommandline 2018-05-22 12:00:18,575 [cuckoo.core.startup] DEBUG: |-- JeefoMutexes 2018-05-22 12:00:18,575 [cuckoo.core.startup] DEBUG: |-- Jewdo 2018-05-22 12:00:18,575 [cuckoo.core.startup] DEBUG: |-- JintorMutexes 2018-05-22 12:00:18,575 [cuckoo.core.startup] DEBUG: |-- JorikTrojan 2018-05-22 12:00:18,575 [cuckoo.core.startup] DEBUG: |-- Karagany 2018-05-22 12:00:18,576 [cuckoo.core.startup] DEBUG: |-- Karakum 2018-05-22 12:00:18,576 [cuckoo.core.startup] DEBUG: |-- Katusha 2018-05-22 12:00:18,576 [cuckoo.core.startup] DEBUG: |-- KelihosBot 2018-05-22 12:00:18,576 [cuckoo.core.startup] DEBUG: |-- Keylogger 2018-05-22 12:00:18,576 [cuckoo.core.startup] DEBUG: |-- Kilim 2018-05-22 12:00:18,576 [cuckoo.core.startup] DEBUG: |-- Killdisk 2018-05-22 12:00:18,576 [cuckoo.core.startup] DEBUG: |-- KnownVirustotal 2018-05-22 12:00:18,576 [cuckoo.core.startup] DEBUG: |-- Koobface 2018-05-22 12:00:18,576 [cuckoo.core.startup] DEBUG: |-- Koutodoor 2018-05-22 12:00:18,577 [cuckoo.core.startup] DEBUG: |-- KovterBot 2018-05-22 12:00:18,577 [cuckoo.core.startup] DEBUG: |-- KrepperMutexes 2018-05-22 12:00:18,577 [cuckoo.core.startup] DEBUG: |-- KuluozMutexes 2018-05-22 12:00:18,577 [cuckoo.core.startup] DEBUG: |-- Likseput 2018-05-22 12:00:18,577 [cuckoo.core.startup] DEBUG: |-- LocatesBrowser 2018-05-22 12:00:18,577 [cuckoo.core.startup] DEBUG: |-- LocatesSniffer 2018-05-22 12:00:18,577 [cuckoo.core.startup] DEBUG: |-- Lockscreen 2018-05-22 12:00:18,577 [cuckoo.core.startup] DEBUG: |-- LolBot 2018-05-22 12:00:18,577 [cuckoo.core.startup] DEBUG: |-- Luder 2018-05-22 12:00:18,578 [cuckoo.core.startup] DEBUG: |-- Madness 2018-05-22 12:00:18,578 [cuckoo.core.startup] DEBUG: |-- Madness 2018-05-22 12:00:18,578 [cuckoo.core.startup] DEBUG: |-- MadnessURL 2018-05-22 12:00:18,578 [cuckoo.core.startup] DEBUG: |-- MaganiaMutexes 2018-05-22 12:00:18,578 [cuckoo.core.startup] DEBUG: |-- MailStealer 2018-05-22 12:00:18,578 [cuckoo.core.startup] DEBUG: |-- MaliciousDocumentURLs 2018-05-22 12:00:18,578 [cuckoo.core.startup] DEBUG: |-- MartianCommandProcess 2018-05-22 12:00:18,578 [cuckoo.core.startup] DEBUG: |-- MegaUpload 2018-05-22 12:00:18,578 [cuckoo.core.startup] DEBUG: |-- MemoryAvailable 2018-05-22 12:00:18,578 [cuckoo.core.startup] DEBUG: |-- MemoryProtectionRX 2018-05-22 12:00:18,579 [cuckoo.core.startup] DEBUG: |-- MetasploitShellcode 2018-05-22 12:00:18,579 [cuckoo.core.startup] DEBUG: |-- Minerbot 2018-05-22 12:00:18,579 [cuckoo.core.startup] DEBUG: |-- miningpool 2018-05-22 12:00:18,579 [cuckoo.core.startup] DEBUG: |-- MircFile 2018-05-22 12:00:18,579 [cuckoo.core.startup] DEBUG: |-- ModifiesBootConfig 2018-05-22 12:00:18,579 [cuckoo.core.startup] DEBUG: |-- ModifiesCertificates 2018-05-22 12:00:18,579 [cuckoo.core.startup] DEBUG: |-- ModifiesDesktopWallpaper 2018-05-22 12:00:18,579 [cuckoo.core.startup] DEBUG: |-- ModifiesFirefoxConfiguration 2018-05-22 12:00:18,579 [cuckoo.core.startup] DEBUG: |-- ModifiesProxyAutoConfig 2018-05-22 12:00:18,580 [cuckoo.core.startup] DEBUG: |-- ModifiesProxyOverride 2018-05-22 12:00:18,580 [cuckoo.core.startup] DEBUG: |-- ModifiesProxyWPAD 2018-05-22 12:00:18,580 [cuckoo.core.startup] DEBUG: |-- ModifiesUACNotify 2018-05-22 12:00:18,580 [cuckoo.core.startup] DEBUG: |-- ModifySecurityCenterWarnings 2018-05-22 12:00:18,580 [cuckoo.core.startup] DEBUG: |-- MovesSelf 2018-05-22 12:00:18,580 [cuckoo.core.startup] DEBUG: |-- Multiple_UA 2018-05-22 12:00:18,580 [cuckoo.core.startup] DEBUG: |-- MyBot 2018-05-22 12:00:18,580 [cuckoo.core.startup] DEBUG: |-- Nakbot 2018-05-22 12:00:18,580 [cuckoo.core.startup] DEBUG: |-- Napolar 2018-05-22 12:00:18,580 [cuckoo.core.startup] DEBUG: |-- Nebuler 2018-05-22 12:00:18,581 [cuckoo.core.startup] DEBUG: |-- Netobserve 2018-05-22 12:00:18,581 [cuckoo.core.startup] DEBUG: |-- Netshadow 2018-05-22 12:00:18,581 [cuckoo.core.startup] DEBUG: |-- Netwire 2018-05-22 12:00:18,581 [cuckoo.core.startup] DEBUG: |-- NetworkAdapters 2018-05-22 12:00:18,581 [cuckoo.core.startup] DEBUG: |-- NetworkDocumentFile 2018-05-22 12:00:18,581 [cuckoo.core.startup] DEBUG: |-- NetworkEXE 2018-05-22 12:00:18,581 [cuckoo.core.startup] DEBUG: |-- Nitol 2018-05-22 12:00:18,581 [cuckoo.core.startup] DEBUG: |-- NjRat 2018-05-22 12:00:18,581 [cuckoo.core.startup] DEBUG: |-- NtSetContextThreadRemote 2018-05-22 12:00:18,582 [cuckoo.core.startup] DEBUG: |-- Nymaim_APIs 2018-05-22 12:00:18,582 [cuckoo.core.startup] DEBUG: |-- ObfusMutexes 2018-05-22 12:00:18,582 [cuckoo.core.startup] DEBUG: |-- OfficeCheckName 2018-05-22 12:00:18,582 [cuckoo.core.startup] DEBUG: |-- OfficeCheckProjectName 2018-05-22 12:00:18,582 [cuckoo.core.startup] DEBUG: |-- OfficeCheckVersion 2018-05-22 12:00:18,582 [cuckoo.core.startup] DEBUG: |-- OfficeCheckWindow 2018-05-22 12:00:18,582 [cuckoo.core.startup] DEBUG: |-- OfficeCountDirectories 2018-05-22 12:00:18,582 [cuckoo.core.startup] DEBUG: |-- OfficeCreateObject 2018-05-22 12:00:18,582 [cuckoo.core.startup] DEBUG: |-- OfficeDDE 2018-05-22 12:00:18,582 [cuckoo.core.startup] DEBUG: |-- OfficeEpsStrings 2018-05-22 12:00:18,583 [cuckoo.core.startup] DEBUG: |-- OfficeHttpRequest 2018-05-22 12:00:18,583 [cuckoo.core.startup] DEBUG: |-- OfficeIndirectCall 2018-05-22 12:00:18,583 [cuckoo.core.startup] DEBUG: |-- OfficePackager 2018-05-22 12:00:18,583 [cuckoo.core.startup] DEBUG: |-- OfficePlatformDetect 2018-05-22 12:00:18,583 [cuckoo.core.startup] DEBUG: |-- OfficeRecentFiles 2018-05-22 12:00:18,583 [cuckoo.core.startup] DEBUG: |-- OfficeVulnerableGuid 2018-05-22 12:00:18,583 [cuckoo.core.startup] DEBUG: |-- OfficeVulnModules 2018-05-22 12:00:18,583 [cuckoo.core.startup] DEBUG: |-- Oldrea 2018-05-22 12:00:18,583 [cuckoo.core.startup] DEBUG: |-- PackerEntropy 2018-05-22 12:00:18,583 [cuckoo.core.startup] DEBUG: |-- Palevo 2018-05-22 12:00:18,584 [cuckoo.core.startup] DEBUG: |-- ParallelsDetectKeys 2018-05-22 12:00:18,584 [cuckoo.core.startup] DEBUG: |-- ParallelsDetectWindow 2018-05-22 12:00:18,584 [cuckoo.core.startup] DEBUG: |-- Pasta 2018-05-22 12:00:18,584 [cuckoo.core.startup] DEBUG: |-- PcClientMutexes 2018-05-22 12:00:18,584 [cuckoo.core.startup] DEBUG: |-- PEFeatures 2018-05-22 12:00:18,584 [cuckoo.core.startup] DEBUG: |-- PEIDPacker 2018-05-22 12:00:18,584 [cuckoo.core.startup] DEBUG: |-- PerfLogger 2018-05-22 12:00:18,584 [cuckoo.core.startup] DEBUG: |-- PersistenceBootexecute 2018-05-22 12:00:18,584 [cuckoo.core.startup] DEBUG: |-- PersistenceRegistryEXE 2018-05-22 12:00:18,584 [cuckoo.core.startup] DEBUG: |-- PersistenceRegistryJavaScript 2018-05-22 12:00:18,585 [cuckoo.core.startup] DEBUG: |-- PersistenceRegistryPowershell 2018-05-22 12:00:18,585 [cuckoo.core.startup] DEBUG: |-- PEUnknownResourceName 2018-05-22 12:00:18,585 [cuckoo.core.startup] DEBUG: |-- Phorpiex 2018-05-22 12:00:18,585 [cuckoo.core.startup] DEBUG: |-- Pidief 2018-05-22 12:00:18,585 [cuckoo.core.startup] DEBUG: |-- Plugx 2018-05-22 12:00:18,585 [cuckoo.core.startup] DEBUG: |-- Poebot 2018-05-22 12:00:18,585 [cuckoo.core.startup] DEBUG: |-- PoisonIvy 2018-05-22 12:00:18,585 [cuckoo.core.startup] DEBUG: |-- Polymorphic 2018-05-22 12:00:18,585 [cuckoo.core.startup] DEBUG: |-- Ponfoy 2018-05-22 12:00:18,585 [cuckoo.core.startup] DEBUG: |-- PonyURL 2018-05-22 12:00:18,586 [cuckoo.core.startup] DEBUG: |-- PosCardStealerURL 2018-05-22 12:00:18,586 [cuckoo.core.startup] DEBUG: |-- Powerfun 2018-05-22 12:00:18,586 [cuckoo.core.startup] DEBUG: |-- PowershellBitsTransfer 2018-05-22 12:00:18,586 [cuckoo.core.startup] DEBUG: |-- PowershellCcDns 2018-05-22 12:00:18,586 [cuckoo.core.startup] DEBUG: |-- PowershellDdiRc4 2018-05-22 12:00:18,586 [cuckoo.core.startup] DEBUG: |-- PowershellDFSP 2018-05-22 12:00:18,586 [cuckoo.core.startup] DEBUG: |-- PowershellDI 2018-05-22 12:00:18,586 [cuckoo.core.startup] DEBUG: |-- PowershellDownload 2018-05-22 12:00:18,586 [cuckoo.core.startup] DEBUG: |-- PowershellEmpire 2018-05-22 12:00:18,586 [cuckoo.core.startup] DEBUG: |-- PowershellMeterpreter 2018-05-22 12:00:18,587 [cuckoo.core.startup] DEBUG: |-- PowershellRegAdd 2018-05-22 12:00:18,587 [cuckoo.core.startup] DEBUG: |-- PowershellRequest 2018-05-22 12:00:18,587 [cuckoo.core.startup] DEBUG: |-- PowershellUnicorn 2018-05-22 12:00:18,587 [cuckoo.core.startup] DEBUG: |-- Powerworm 2018-05-22 12:00:18,587 [cuckoo.core.startup] DEBUG: |-- Prinimalka 2018-05-22 12:00:18,587 [cuckoo.core.startup] DEBUG: |-- PrivilegeLUIDCheck 2018-05-22 12:00:18,587 [cuckoo.core.startup] DEBUG: |-- ProcessInterest 2018-05-22 12:00:18,587 [cuckoo.core.startup] DEBUG: |-- ProcessMartian 2018-05-22 12:00:18,587 [cuckoo.core.startup] DEBUG: |-- ProcessNeeded 2018-05-22 12:00:18,587 [cuckoo.core.startup] DEBUG: |-- ProcMemDumpIPURLs 2018-05-22 12:00:18,587 [cuckoo.core.startup] DEBUG: |-- ProcMemDumpTORURLs 2018-05-22 12:00:18,588 [cuckoo.core.startup] DEBUG: |-- ProcMemDumpURLs 2018-05-22 12:00:18,588 [cuckoo.core.startup] DEBUG: |-- ProcMemDumpYara 2018-05-22 12:00:18,588 [cuckoo.core.startup] DEBUG: |-- Psyokym 2018-05-22 12:00:18,588 [cuckoo.core.startup] DEBUG: |-- PuceMutexes 2018-05-22 12:00:18,588 [cuckoo.core.startup] DEBUG: |-- PutterpandaMutexes 2018-05-22 12:00:18,588 [cuckoo.core.startup] DEBUG: |-- Putty 2018-05-22 12:00:18,588 [cuckoo.core.startup] DEBUG: |-- PWDumpFile 2018-05-22 12:00:18,588 [cuckoo.core.startup] DEBUG: |-- Pykse 2018-05-22 12:00:18,588 [cuckoo.core.startup] DEBUG: |-- Qakbot 2018-05-22 12:00:18,588 [cuckoo.core.startup] DEBUG: |-- QueriesInstalledApps 2018-05-22 12:00:18,589 [cuckoo.core.startup] DEBUG: |-- Ragebot 2018-05-22 12:00:18,589 [cuckoo.core.startup] DEBUG: |-- RaisesException 2018-05-22 12:00:18,589 [cuckoo.core.startup] DEBUG: |-- Ramnit 2018-05-22 12:00:18,589 [cuckoo.core.startup] DEBUG: |-- RamsomwareFileMoves 2018-05-22 12:00:18,589 [cuckoo.core.startup] DEBUG: |-- ransomware_viruscoder 2018-05-22 12:00:18,589 [cuckoo.core.startup] DEBUG: |-- RansomwareAppendsExtension 2018-05-22 12:00:18,589 [cuckoo.core.startup] DEBUG: |-- RansomwareBcdedit 2018-05-22 12:00:18,589 [cuckoo.core.startup] DEBUG: |-- RansomwareDroppedFiles 2018-05-22 12:00:18,589 [cuckoo.core.startup] DEBUG: |-- RansomwareExtensions 2018-05-22 12:00:18,590 [cuckoo.core.startup] DEBUG: |-- RansomwareFiles 2018-05-22 12:00:18,590 [cuckoo.core.startup] DEBUG: |-- RansomwareMassFileDelete 2018-05-22 12:00:18,590 [cuckoo.core.startup] DEBUG: |-- RansomwareMessage 2018-05-22 12:00:18,590 [cuckoo.core.startup] DEBUG: |-- RansomwareMessageOCR 2018-05-22 12:00:18,590 [cuckoo.core.startup] DEBUG: |-- RansomwareRecyclebin 2018-05-22 12:00:18,590 [cuckoo.core.startup] DEBUG: |-- RansomwareShadowcopy 2018-05-22 12:00:18,590 [cuckoo.core.startup] DEBUG: |-- RansomwareWbadmin 2018-05-22 12:00:18,590 [cuckoo.core.startup] DEBUG: |-- RapidShare 2018-05-22 12:00:18,590 [cuckoo.core.startup] DEBUG: |-- rat_fexel_ip 2018-05-22 12:00:18,590 [cuckoo.core.startup] DEBUG: |-- rat_naid_ip 2018-05-22 12:00:18,590 [cuckoo.core.startup] DEBUG: |-- RatSiggen 2018-05-22 12:00:18,591 [cuckoo.core.startup] DEBUG: |-- RBot 2018-05-22 12:00:18,591 [cuckoo.core.startup] DEBUG: |-- RdpMutexes 2018-05-22 12:00:18,591 [cuckoo.core.startup] DEBUG: |-- ReadsUserAgent 2018-05-22 12:00:18,591 [cuckoo.core.startup] DEBUG: |-- Recon_Beacon 2018-05-22 12:00:18,591 [cuckoo.core.startup] DEBUG: |-- RemovesZoneIdADS 2018-05-22 12:00:18,591 [cuckoo.core.startup] DEBUG: |-- Renocide 2018-05-22 12:00:18,591 [cuckoo.core.startup] DEBUG: |-- RenosTrojan 2018-05-22 12:00:18,591 [cuckoo.core.startup] DEBUG: |-- ResumeThread 2018-05-22 12:00:18,591 [cuckoo.core.startup] DEBUG: |-- Rovnix 2018-05-22 12:00:18,591 [cuckoo.core.startup] DEBUG: |-- RTFCharacterSet 2018-05-22 12:00:18,592 [cuckoo.core.startup] DEBUG: |-- RTFUnknownVersion 2018-05-22 12:00:18,592 [cuckoo.core.startup] DEBUG: |-- Runbu 2018-05-22 12:00:18,592 [cuckoo.core.startup] DEBUG: |-- RunouceMutexes 2018-05-22 12:00:18,592 [cuckoo.core.startup] DEBUG: |-- Ruskill 2018-05-22 12:00:18,592 [cuckoo.core.startup] DEBUG: |-- Sadbot 2018-05-22 12:00:18,592 [cuckoo.core.startup] DEBUG: |-- SandboxieDetect 2018-05-22 12:00:18,592 [cuckoo.core.startup] DEBUG: |-- SandboxJoeAnubisDetectFiles 2018-05-22 12:00:18,592 [cuckoo.core.startup] DEBUG: |-- SDBot 2018-05-22 12:00:18,592 [cuckoo.core.startup] DEBUG: |-- SelfDeleteBat 2018-05-22 12:00:18,592 [cuckoo.core.startup] DEBUG: |-- Senna 2018-05-22 12:00:18,593 [cuckoo.core.startup] DEBUG: |-- Shadowbot 2018-05-22 12:00:18,593 [cuckoo.core.startup] DEBUG: |-- SharingRGhost 2018-05-22 12:00:18,593 [cuckoo.core.startup] DEBUG: |-- SharpStealerURL 2018-05-22 12:00:18,593 [cuckoo.core.startup] DEBUG: |-- ShellcodeWriteProcessMemory 2018-05-22 12:00:18,593 [cuckoo.core.startup] DEBUG: |-- Shiz 2018-05-22 12:00:18,593 [cuckoo.core.startup] DEBUG: |-- Shylock 2018-05-22 12:00:18,593 [cuckoo.core.startup] DEBUG: |-- SipStun 2018-05-22 12:00:18,593 [cuckoo.core.startup] DEBUG: |-- Smtp_GMail 2018-05-22 12:00:18,593 [cuckoo.core.startup] DEBUG: |-- Smtp_Live 2018-05-22 12:00:18,593 [cuckoo.core.startup] DEBUG: |-- Smtp_Mail_Ru 2018-05-22 12:00:18,594 [cuckoo.core.startup] DEBUG: |-- Smtp_Yahoo 2018-05-22 12:00:18,594 [cuckoo.core.startup] DEBUG: |-- SolarURL 2018-05-22 12:00:18,594 [cuckoo.core.startup] DEBUG: |-- SpyEyeMutexes 2018-05-22 12:00:18,594 [cuckoo.core.startup] DEBUG: |-- SpyeyeURL 2018-05-22 12:00:18,594 [cuckoo.core.startup] DEBUG: |-- SpynetRat 2018-05-22 12:00:18,594 [cuckoo.core.startup] DEBUG: |-- Spyrecorder 2018-05-22 12:00:18,594 [cuckoo.core.startup] DEBUG: |-- StackPivot 2018-05-22 12:00:18,594 [cuckoo.core.startup] DEBUG: |-- StackPivotShellcodeAPIs 2018-05-22 12:00:18,594 [cuckoo.core.startup] DEBUG: |-- StackPivotShellcodeCreateProcess 2018-05-22 12:00:18,594 [cuckoo.core.startup] DEBUG: |-- Staser 2018-05-22 12:00:18,595 [cuckoo.core.startup] DEBUG: |-- StealthChildProc 2018-05-22 12:00:18,595 [cuckoo.core.startup] DEBUG: |-- StealthHiddenExtension 2018-05-22 12:00:18,595 [cuckoo.core.startup] DEBUG: |-- StealthHiddenFile 2018-05-22 12:00:18,595 [cuckoo.core.startup] DEBUG: |-- StealthHiddenIcons 2018-05-22 12:00:18,595 [cuckoo.core.startup] DEBUG: |-- StealthHideNotifications 2018-05-22 12:00:18,595 [cuckoo.core.startup] DEBUG: |-- StealthSystemProcName 2018-05-22 12:00:18,595 [cuckoo.core.startup] DEBUG: |-- StopsService 2018-05-22 12:00:18,595 [cuckoo.core.startup] DEBUG: |-- SunbeltDetectFiles 2018-05-22 12:00:18,595 [cuckoo.core.startup] DEBUG: |-- SunBeltSandboxDetect 2018-05-22 12:00:18,595 [cuckoo.core.startup] DEBUG: |-- SuspiciousCommandTools 2018-05-22 12:00:18,596 [cuckoo.core.startup] DEBUG: |-- SuspiciousPowershell 2018-05-22 12:00:18,596 [cuckoo.core.startup] DEBUG: |-- SuspiciousWriteEXE 2018-05-22 12:00:18,596 [cuckoo.core.startup] DEBUG: |-- SweetorangeMutexes 2018-05-22 12:00:18,596 [cuckoo.core.startup] DEBUG: |-- Swrort 2018-05-22 12:00:18,596 [cuckoo.core.startup] DEBUG: |-- SysInternalsToolsUsage 2018-05-22 12:00:18,596 [cuckoo.core.startup] DEBUG: |-- SystemInfo 2018-05-22 12:00:18,596 [cuckoo.core.startup] DEBUG: |-- SystemMetrics 2018-05-22 12:00:18,596 [cuckoo.core.startup] DEBUG: |-- TapiDpMutexes 2018-05-22 12:00:18,596 [cuckoo.core.startup] DEBUG: |-- TDSSBackdoor 2018-05-22 12:00:18,596 [cuckoo.core.startup] DEBUG: |-- TeamviewerRat 2018-05-22 12:00:18,597 [cuckoo.core.startup] DEBUG: |-- TerminatesRemoteProcess 2018-05-22 12:00:18,597 [cuckoo.core.startup] DEBUG: |-- ThreatTrackDetectFiles 2018-05-22 12:00:18,597 [cuckoo.core.startup] DEBUG: |-- TinbaMutexes 2018-05-22 12:00:18,597 [cuckoo.core.startup] DEBUG: |-- TnegaMutexes 2018-05-22 12:00:18,597 [cuckoo.core.startup] DEBUG: |-- Tor 2018-05-22 12:00:18,597 [cuckoo.core.startup] DEBUG: |-- TorHiddenService 2018-05-22 12:00:18,597 [cuckoo.core.startup] DEBUG: |-- Travnet 2018-05-22 12:00:18,597 [cuckoo.core.startup] DEBUG: |-- Trogbot 2018-05-22 12:00:18,597 [cuckoo.core.startup] DEBUG: |-- TrojanJorik 2018-05-22 12:00:18,597 [cuckoo.core.startup] DEBUG: |-- TrojanLethic 2018-05-22 12:00:18,598 [cuckoo.core.startup] DEBUG: |-- TrojanLethic 2018-05-22 12:00:18,598 [cuckoo.core.startup] DEBUG: |-- trojanmrblack 2018-05-22 12:00:18,598 [cuckoo.core.startup] DEBUG: |-- TrojanRedosru 2018-05-22 12:00:18,598 [cuckoo.core.startup] DEBUG: |-- TrojanSysn 2018-05-22 12:00:18,598 [cuckoo.core.startup] DEBUG: |-- trojanyoddos 2018-05-22 12:00:18,598 [cuckoo.core.startup] DEBUG: |-- TufikMutexes 2018-05-22 12:00:18,598 [cuckoo.core.startup] DEBUG: |-- Turkojan 2018-05-22 12:00:18,598 [cuckoo.core.startup] DEBUG: |-- TurlaCarbon 2018-05-22 12:00:18,598 [cuckoo.core.startup] DEBUG: |-- UFRStealer 2018-05-22 12:00:18,598 [cuckoo.core.startup] DEBUG: |-- Unhook 2018-05-22 12:00:18,599 [cuckoo.core.startup] DEBUG: |-- Upatre 2018-05-22 12:00:18,599 [cuckoo.core.startup] DEBUG: |-- UpatreTDMutexes 2018-05-22 12:00:18,599 [cuckoo.core.startup] DEBUG: |-- UPXCompressed 2018-05-22 12:00:18,599 [cuckoo.core.startup] DEBUG: |-- UrkShortCN 2018-05-22 12:00:18,599 [cuckoo.core.startup] DEBUG: |-- URLFile 2018-05-22 12:00:18,599 [cuckoo.core.startup] DEBUG: |-- URLSpy 2018-05-22 12:00:18,599 [cuckoo.core.startup] DEBUG: |-- UroburosFile 2018-05-22 12:00:18,599 [cuckoo.core.startup] DEBUG: |-- UroburosMutexes 2018-05-22 12:00:18,599 [cuckoo.core.startup] DEBUG: |-- Urxbot 2018-05-22 12:00:18,599 [cuckoo.core.startup] DEBUG: |-- UsesWindowsUtilities 2018-05-22 12:00:18,600 [cuckoo.core.startup] DEBUG: |-- Vanbot 2018-05-22 12:00:18,600 [cuckoo.core.startup] DEBUG: |-- VBInject 2018-05-22 12:00:18,600 [cuckoo.core.startup] DEBUG: |-- VBoxDetectACPI 2018-05-22 12:00:18,600 [cuckoo.core.startup] DEBUG: |-- VBoxDetectDevices 2018-05-22 12:00:18,600 [cuckoo.core.startup] DEBUG: |-- VBoxDetectFiles 2018-05-22 12:00:18,600 [cuckoo.core.startup] DEBUG: |-- VBoxDetectKeys 2018-05-22 12:00:18,600 [cuckoo.core.startup] DEBUG: |-- VBoxDetectProvname 2018-05-22 12:00:18,600 [cuckoo.core.startup] DEBUG: |-- VBoxDetectWindow 2018-05-22 12:00:18,600 [cuckoo.core.startup] DEBUG: |-- Vertex 2018-05-22 12:00:18,600 [cuckoo.core.startup] DEBUG: |-- VertexSolarURL 2018-05-22 12:00:18,601 [cuckoo.core.startup] DEBUG: |-- VirtualPCDetect 2018-05-22 12:00:18,601 [cuckoo.core.startup] DEBUG: |-- VirtualPCDetectWindow 2018-05-22 12:00:18,601 [cuckoo.core.startup] DEBUG: |-- VirtualPCIllegalInstruction 2018-05-22 12:00:18,601 [cuckoo.core.startup] DEBUG: |-- Virut 2018-05-22 12:00:18,601 [cuckoo.core.startup] DEBUG: |-- VMFirmware 2018-05-22 12:00:18,601 [cuckoo.core.startup] DEBUG: |-- VMPPacked 2018-05-22 12:00:18,601 [cuckoo.core.startup] DEBUG: |-- VMWareDetectFiles 2018-05-22 12:00:18,601 [cuckoo.core.startup] DEBUG: |-- VMWareDetectKeys 2018-05-22 12:00:18,601 [cuckoo.core.startup] DEBUG: |-- VMwareDetectWindow 2018-05-22 12:00:18,601 [cuckoo.core.startup] DEBUG: |-- VMWareInInstruction 2018-05-22 12:00:18,602 [cuckoo.core.startup] DEBUG: |-- VncMutexes 2018-05-22 12:00:18,602 [cuckoo.core.startup] DEBUG: |-- VNLoaderURL 2018-05-22 12:00:18,602 [cuckoo.core.startup] DEBUG: |-- VolDevicetree1 2018-05-22 12:00:18,602 [cuckoo.core.startup] DEBUG: |-- VolHandles1 2018-05-22 12:00:18,602 [cuckoo.core.startup] DEBUG: |-- VolLdrModules1 2018-05-22 12:00:18,602 [cuckoo.core.startup] DEBUG: |-- VolLdrModules2 2018-05-22 12:00:18,602 [cuckoo.core.startup] DEBUG: |-- VolMalfind1 2018-05-22 12:00:18,602 [cuckoo.core.startup] DEBUG: |-- VolModscan1 2018-05-22 12:00:18,602 [cuckoo.core.startup] DEBUG: |-- VolSvcscan1 2018-05-22 12:00:18,602 [cuckoo.core.startup] DEBUG: |-- VolSvcscan2 2018-05-22 12:00:18,603 [cuckoo.core.startup] DEBUG: |-- VolSvcscan3 2018-05-22 12:00:18,603 [cuckoo.core.startup] DEBUG: |-- VPCDetectKeys 2018-05-22 12:00:18,603 [cuckoo.core.startup] DEBUG: |-- Wakbot 2018-05-22 12:00:18,603 [cuckoo.core.startup] DEBUG: |-- WarbotURL 2018-05-22 12:00:18,603 [cuckoo.core.startup] DEBUG: |-- Whimoo 2018-05-22 12:00:18,603 [cuckoo.core.startup] DEBUG: |-- Win32ProcessCreate 2018-05-22 12:00:18,603 [cuckoo.core.startup] DEBUG: |-- WineDetect 2018-05-22 12:00:18,603 [cuckoo.core.startup] DEBUG: |-- WinSCP 2018-05-22 12:00:18,603 [cuckoo.core.startup] DEBUG: |-- WinSxsBot 2018-05-22 12:00:18,603 [cuckoo.core.startup] DEBUG: |-- WMIAntiVM 2018-05-22 12:00:18,604 [cuckoo.core.startup] DEBUG: |-- WMIPersistance 2018-05-22 12:00:18,604 [cuckoo.core.startup] DEBUG: |-- WMIService 2018-05-22 12:00:18,604 [cuckoo.core.startup] DEBUG: |-- WormAllaple 2018-05-22 12:00:18,604 [cuckoo.core.startup] DEBUG: |-- WormKolabc 2018-05-22 12:00:18,604 [cuckoo.core.startup] DEBUG: |-- XenDetectKeys 2018-05-22 12:00:18,604 [cuckoo.core.startup] DEBUG: |-- XtremeRAT 2018-05-22 12:00:18,604 [cuckoo.core.startup] DEBUG: |-- Xworm 2018-05-22 12:00:18,604 [cuckoo.core.startup] DEBUG: |-- Zegost 2018-05-22 12:00:18,604 [cuckoo.core.startup] DEBUG: |-- ZeusMutexes 2018-05-22 12:00:18,604 [cuckoo.core.startup] DEBUG: |-- ZeusP2P 2018-05-22 12:00:18,605 [cuckoo.core.startup] DEBUG: |-- ZeusURL 2018-05-22 12:00:18,605 [cuckoo.core.startup] DEBUG:-- ZoneID 2018-05-22 12:00:18,605 [cuckoo.core.startup] DEBUG: Imported "reporting" modules: 2018-05-22 12:00:18,605 [cuckoo.core.startup] DEBUG: |-- ElasticSearch 2018-05-22 12:00:18,605 [cuckoo.core.startup] DEBUG: |-- Feedback 2018-05-22 12:00:18,605 [cuckoo.core.startup] DEBUG: |-- JsonDump 2018-05-22 12:00:18,605 [cuckoo.core.startup] DEBUG: |-- Mattermost 2018-05-22 12:00:18,605 [cuckoo.core.startup] DEBUG: |-- MISP 2018-05-22 12:00:18,605 [cuckoo.core.startup] DEBUG: |-- Moloch 2018-05-22 12:00:18,605 [cuckoo.core.startup] DEBUG: |-- MongoDB 2018-05-22 12:00:18,606 [cuckoo.core.startup] DEBUG: |-- Notification 2018-05-22 12:00:18,606 [cuckoo.core.startup] DEBUG: `-- SingleFile 2018-05-22 12:00:18,611 [cuckoo.core.startup] DEBUG: Checking for locked tasks.. 2018-05-22 12:00:18,883 [cuckoo.core.startup] INFO: Updated running task ID 15 status to failed_analysis 2018-05-22 12:00:18,883 [cuckoo.core.startup] DEBUG: Checking for pending service tasks.. 2018-05-22 12:00:18,891 [cuckoo.core.startup] DEBUG: Initializing Yara... 2018-05-22 12:00:18,894 [cuckoo.core.startup] DEBUG: |-- binaries embedded.yar 2018-05-22 12:00:18,894 [cuckoo.core.startup] DEBUG: |-- binaries filetypes.yar 2018-05-22 12:00:18,894 [cuckoo.core.startup] DEBUG: |-- binaries shellcodes.yar 2018-05-22 12:00:18,894 [cuckoo.core.startup] DEBUG: |-- binaries vmdetect.yar 2018-05-22 12:00:18,896 [cuckoo.core.startup] DEBUG: |-- scripts applocker_bypass.yar 2018-05-22 12:00:18,897 [cuckoo.core.startup] DEBUG: |-- scripts powerfun.yar 2018-05-22 12:00:18,897 [cuckoo.core.startup] DEBUG: |-- scripts powershell_AMSI.yar 2018-05-22 12:00:18,897 [cuckoo.core.startup] DEBUG: |-- scripts powershell_BITS_transfer.yar 2018-05-22 12:00:18,897 [cuckoo.core.startup] DEBUG: |-- scripts powershell_ddi_rc4.yar 2018-05-22 12:00:18,897 [cuckoo.core.startup] DEBUG: |-- scripts powershell_dfsp.yar 2018-05-22 12:00:18,897 [cuckoo.core.startup] DEBUG: |-- scripts powershell_di.yar 2018-05-22 12:00:18,897 [cuckoo.core.startup] DEBUG: |-- scripts powershell_empire.yar 2018-05-22 12:00:18,897 [cuckoo.core.startup] DEBUG: |-- scripts powershell_meterpreter.yar 2018-05-22 12:00:18,897 [cuckoo.core.startup] DEBUG: |-- scripts powershell_txt_c2.yar 2018-05-22 12:00:18,898 [cuckoo.core.startup] DEBUG: |-- scripts powershell_unicorn.yar 2018-05-22 12:00:18,898 [cuckoo.core.startup] DEBUG: |-- scripts powerworm.yar 2018-05-22 12:00:18,898 [cuckoo.core.startup] DEBUG: |-- shellcode metasploit.yar 2018-05-22 12:00:18,899 [cuckoo.core.startup] DEBUG: |-- office dde.yar 2018-05-22 12:00:18,899 [cuckoo.core.startup] DEBUG: |-- office ole.yar 2018-05-22 12:00:18,900 [cuckoo.core.resultserver] DEBUG: ResultServer running on 10.201.4.165:2042. 2018-05-22 12:00:18,901 [cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager 2018-05-22 12:00:19,378 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Windows10 2018-05-22 12:00:19,634 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Windows10 to Snapshot1 2018-05-22 12:00:20,087 [cuckoo.core.scheduler] INFO: Loaded 1 machine/s 2018-05-22 12:00:20,103 [cuckoo.core.scheduler] INFO: Waiting for analysis tasks. 2018-05-22 12:00:58,488 [cuckoo.core.scheduler] DEBUG: Processing task #16 2018-05-22 12:00:58,502 [cuckoo.core.scheduler] INFO: Starting analysis of URL "http://www.yahoo.com" (task #16, options "procmemdump=yes,route=none") 2018-05-22 12:00:58,628 [cuckoo.core.scheduler] INFO: Task #16: acquired machine Windows10 (label=Windows10) 2018-05-22 12:00:58,635 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 13244 (interface=vboxnet0, host=192.168.56.101) 2018-05-22 12:00:58,635 [cuckoo.core.plugins] DEBUG: Started auxiliary module: Sniffer 2018-05-22 12:00:58,717 [cuckoo.machinery.virtualbox] DEBUG: Starting vm Windows10 2018-05-22 12:00:58,908 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Windows10 to Snapshot1 2018-05-22 12:00:59,408 [cuckoo.common.abstracts] DEBUG: Waiting 0 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:00,645 [cuckoo.common.abstracts] DEBUG: Waiting 1 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:01,840 [cuckoo.common.abstracts] DEBUG: Waiting 2 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:03,205 [cuckoo.common.abstracts] DEBUG: Waiting 3 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:04,411 [cuckoo.common.abstracts] DEBUG: Waiting 4 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:05,603 [cuckoo.common.abstracts] DEBUG: Waiting 5 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:06,908 [cuckoo.common.abstracts] DEBUG: Waiting 6 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:08,297 [cuckoo.common.abstracts] DEBUG: Waiting 7 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:09,508 [cuckoo.common.abstracts] DEBUG: Waiting 8 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:10,731 [cuckoo.common.abstracts] DEBUG: Waiting 9 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:11,919 [cuckoo.common.abstracts] DEBUG: Waiting 10 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:13,477 [cuckoo.common.abstracts] DEBUG: Waiting 11 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:14,671 [cuckoo.common.abstracts] DEBUG: Waiting 12 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:16,074 [cuckoo.common.abstracts] DEBUG: Waiting 13 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:17,271 [cuckoo.common.abstracts] DEBUG: Waiting 14 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:18,482 [cuckoo.common.abstracts] DEBUG: Waiting 15 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:19,690 [cuckoo.common.abstracts] DEBUG: Waiting 16 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:20,890 [cuckoo.common.abstracts] DEBUG: Waiting 17 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:22,108 [cuckoo.common.abstracts] DEBUG: Waiting 18 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:23,320 [cuckoo.common.abstracts] DEBUG: Waiting 19 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:24,631 [cuckoo.common.abstracts] DEBUG: Waiting 20 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:25,859 [cuckoo.common.abstracts] DEBUG: Waiting 21 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:27,085 [cuckoo.common.abstracts] DEBUG: Waiting 22 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:28,511 [cuckoo.common.abstracts] DEBUG: Waiting 23 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:29,702 [cuckoo.common.abstracts] DEBUG: Waiting 24 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:30,907 [cuckoo.common.abstracts] DEBUG: Waiting 25 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:32,111 [cuckoo.common.abstracts] DEBUG: Waiting 26 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:33,516 [cuckoo.common.abstracts] DEBUG: Waiting 27 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:34,713 [cuckoo.common.abstracts] DEBUG: Waiting 28 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:36,071 [cuckoo.common.abstracts] DEBUG: Waiting 29 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:37,262 [cuckoo.common.abstracts] DEBUG: Waiting 30 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:38,510 [cuckoo.common.abstracts] DEBUG: Waiting 31 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:39,707 [cuckoo.common.abstracts] DEBUG: Waiting 32 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:41,176 [cuckoo.common.abstracts] DEBUG: Waiting 33 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:42,399 [cuckoo.common.abstracts] DEBUG: Waiting 34 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:43,570 [cuckoo.common.abstracts] DEBUG: Waiting 35 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:44,790 [cuckoo.common.abstracts] DEBUG: Waiting 36 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:46,050 [cuckoo.common.abstracts] DEBUG: Waiting 37 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:47,239 [cuckoo.common.abstracts] DEBUG: Waiting 38 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:48,468 [cuckoo.common.abstracts] DEBUG: Waiting 39 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:49,670 [cuckoo.common.abstracts] DEBUG: Waiting 40 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:50,876 [cuckoo.common.abstracts] DEBUG: Waiting 41 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:52,158 [cuckoo.common.abstracts] DEBUG: Waiting 42 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:53,410 [cuckoo.common.abstracts] DEBUG: Waiting 43 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:54,621 [cuckoo.common.abstracts] DEBUG: Waiting 44 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:55,933 [cuckoo.common.abstracts] DEBUG: Waiting 45 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:57,204 [cuckoo.common.abstracts] DEBUG: Waiting 46 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:58,385 [cuckoo.common.abstracts] DEBUG: Waiting 47 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:01:59,586 [cuckoo.common.abstracts] DEBUG: Waiting 48 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:02:00,790 [cuckoo.common.abstracts] DEBUG: Waiting 49 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:02:02,073 [cuckoo.common.abstracts] DEBUG: Waiting 50 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:02:03,253 [cuckoo.common.abstracts] DEBUG: Waiting 51 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:02:04,453 [cuckoo.common.abstracts] DEBUG: Waiting 52 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:02:05,656 [cuckoo.common.abstracts] DEBUG: Waiting 53 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:02:07,019 [cuckoo.common.abstracts] DEBUG: Waiting 54 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:02:08,207 [cuckoo.common.abstracts] DEBUG: Waiting 55 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:02:09,531 [cuckoo.common.abstracts] DEBUG: Waiting 56 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:02:10,724 [cuckoo.common.abstracts] DEBUG: Waiting 57 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:02:11,924 [cuckoo.common.abstracts] DEBUG: Waiting 58 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:02:13,155 [cuckoo.common.abstracts] DEBUG: Waiting 59 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:02:14,470 [cuckoo.common.abstracts] DEBUG: Waiting 60 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:02:15,744 [cuckoo.common.abstracts] DEBUG: Waiting 61 cuckooseconds for machine Windows10 to switch to status ('saved',) 2018-05-22 12:02:15,750 [cuckoo.core.scheduler] ERROR: Error starting Virtual Machine! VM: Windows10, error: Timeout hit while for machine Windows10 to change status 2018-05-22 12:02:15,774 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer 2018-05-22 12:02:15,856 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label Windows10 to path /home/d878314/.cuckoo/storage/analyses/16/memory.dmp 2018-05-22 12:02:15,857 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Windows10 2018-05-22 12:02:16,047 [cuckoo.core.scheduler] WARNING: Unable to stop machine Windows10: Trying to stop an already stopped VM: Windows10 2018-05-22 12:02:16,122 [cuckoo.core.rooter] CRITICAL: Unable to passthrough root command as we're unable to connect to the rooter unix socket: [Errno 13] Permission denied. 2018-05-22 12:02:16,195 [cuckoo.core.scheduler] DEBUG: Released database task #16 2018-05-22 12:02:16,482 [cuckoo.core.plugins] DEBUG: Executed processing module "AnalysisInfo" for task #16 2018-05-22 12:02:16,482 [cuckoo.processing.behavior] WARNING: Analysis results folder does not exist at path '/home/d878314/.cuckoo/storage/analyses/16/logs'. 2018-05-22 12:02:16,483 [cuckoo.core.plugins] DEBUG: Executed processing module "BehaviorAnalysis" for task #16 2018-05-22 12:02:16,483 [cuckoo.core.plugins] DEBUG: Executed processing module "Dropped" for task #16 2018-05-22 12:02:16,483 [cuckoo.core.plugins] DEBUG: Executed processing module "DroppedBuffer" for task #16 2018-05-22 12:02:16,484 [cuckoo.processing.memory] ERROR: VM memory dump not found: to create VM memory dumps you have to enable memory_dump in cuckoo.conf! 2018-05-22 12:02:16,484 [cuckoo.core.plugins] DEBUG: Executed processing module "Memory" for task #16 2018-05-22 12:02:16,484 [cuckoo.core.plugins] DEBUG: Executed processing module "MetaInfo" for task #16 2018-05-22 12:02:16,484 [cuckoo.core.plugins] DEBUG: Executed processing module "ProcessMemory" for task #16 2018-05-22 12:02:16,485 [cuckoo.core.plugins] DEBUG: Executed processing module "Procmon" for task #16 2018-05-22 12:02:16,485 [cuckoo.core.plugins] DEBUG: Executed processing module "Screenshots" for task #16 2018-05-22 12:02:16,485 [cuckoo.core.plugins] DEBUG: Executed processing module "Static" for task #16 2018-05-22 12:02:16,485 [cuckoo.core.plugins] DEBUG: Executed processing module "Strings" for task #16 2018-05-22 12:02:16,486 [cuckoo.core.plugins] DEBUG: Executed processing module "TargetInfo" for task #16 2018-05-22 12:02:16,488 [cuckoo.core.plugins] DEBUG: Executed processing module "NetworkAnalysis" for task #16 2018-05-22 12:02:16,488 [cuckoo.core.plugins] DEBUG: Executed processing module "Extracted" for task #16 2018-05-22 12:02:16,488 [cuckoo.core.plugins] DEBUG: Executed processing module "TLSMasterSecrets" for task #16 2018-05-22 12:02:16,488 [cuckoo.processing.debug] ERROR: Error processing task #16: it appears that the Virtual Machine hasn't been able to contact back to the Cuckoo Host. There could be a few reasons for this, please refer to our documentation on the matter: https://cuckoo.sh/docs/faq/index.html#troubleshooting-vm-network-configuration 2018-05-22 12:02:16,584 [cuckoo.core.plugins] DEBUG: Executed processing module "Debug" for task #16 2018-05-22 12:02:16,587 [cuckoo.core.plugins] DEBUG: Running 539 signatures 2018-05-22 12:02:16,697 [cuckoo.core.plugins] ERROR: Failed to run 'on_complete' of the rtf_unknown_character_set signature Traceback (most recent call last): File "/usr/local/lib/python2.7/dist-packages/cuckoo/core/plugins.py", line 413, in call_signature if not signature.matched and handler(*args, kwargs): File "/home/d878314/.cuckoo/signatures/windows/office_rtf.py", line 55, in on_complete filetype = self.get_results("target", {})["file"]["type"] KeyError: 'file' 2018-05-22 12:02:16,771 [cuckoo.core.plugins] ERROR: Failed to run 'on_complete' of the rtf_unknown_version signature Traceback (most recent call last): File "/usr/local/lib/python2.7/dist-packages/cuckoo/core/plugins.py", line 413, in call_signature if not signature.matched and handler(*args, *kwargs): File "/home/d878314/.cuckoo/signatures/windows/office_rtf.py", line 27, in on_complete filetype = self.get_results("target", {})["file"]["type"] KeyError: 'file' 2018-05-22 12:02:16,899 [cuckoo.core.plugins] ERROR: Failed to run 'on_complete' of the url_file signature Traceback (most recent call last): File "/usr/local/lib/python2.7/dist-packages/cuckoo/core/plugins.py", line 413, in call_signature if not signature.matched and handler(args, kwargs): File "/home/d878314/.cuckoo/signatures/windows/url_file.py", line 21, in on_complete if "Internet shortcut" not in self.file.get("type", ""): AttributeError: 'URLFile' object has no attribute 'file' 2018-05-22 12:02:17,013 [cuckoo.core.plugins] DEBUG: Executed reporting module "JsonDump" 2018-05-22 12:02:17,065 [cuckoo.core.plugins] DEBUG: Executed reporting module "SingleFile" 2018-05-22 12:02:17,072 [cuckoo.core.plugins] DEBUG: Executed reporting module "MongoDB" 2018-05-22 12:02:17,072 [cuckoo.core.scheduler] INFO: Task #16: reports generation completed 2018-05-22 12:02:17,082 [cuckoo.core.scheduler] INFO: Task #16: analysis procedure completed

[doomedraven]

1. w10 isn't supported officially so you will be alone with issues
2. host can't connect with agent
3. you have what to do in my previos responses
4. for future use markdown code escape, that is insane output

[k3nd0r]

I finally got it working. I believe my issue was with the snapshot I created for the vm. I think that I had the instance off before taking the snapshot.

Thank you for your help!